Report - mahasinsaif.banouta.net/t3-topic

Report Overview

Submitted URL
mahasinsaif.banouta.net/t3-topic
IP
94.23.159.185
ASN
#16276 OVH SAS
Submitted
2022-12-04 21:59:33
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
datatechonert.com	46154	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	508 B	491 B	37.48.68.71
tzegilo.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	365 B	6.1 kB	172.67.194.45
am-match.taboola.com	12278	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.3 kB	3.2 kB	141.226.228.48
x.bidswitch.net	286	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	416 B	212 B	3.123.160.250
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	551 B	752 B	139.45.195.8
bidder.criteo.com	750	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	996 B	917 B	178.250.0.165
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	680 B	1.9 kB	172.64.155.188
connect.topicit.net	523065	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	381 B	931 B	188.114.97.1
cdn.betgorebysson.club	149925	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	42 kB	139.45.195.8
am-vid-events.taboola.com	11733	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.9 kB	212 B	141.226.228.48
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
static.criteo.net	652	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	382 B	447 B	178.250.0.130
vidstat.taboola.com	1927	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	256 kB	151.101.129.44
gem.gbc.criteo.com	6039	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	387 B	6.2 kB	185.235.84.88
sync.search.spotxchange.com	523	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.9 kB	5.0 kB	185.94.180.125
cdn.taboola.com	1040	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.5 kB	188 kB	151.101.129.44
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	524 B	694 B	142.250.74.163
gum.criteo.com	381	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.5 kB	17 kB	178.250.0.157
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	700 B	2.0 kB	143.204.42.158
2img.net	212398	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.9 kB	10 kB	104.21.235.175
illiweb.com	265462	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	42 kB	104.21.63.213
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	620 B	718 B	108.177.14.156
ag.gbc.criteo.com	5925	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	786 B	6.4 kB	185.235.84.142
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.1 kB	12 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
match.adsrvr.org	349	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	1.1 kB	35.71.131.137
wf.taboola.com	2328	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.8 kB	1.7 kB	151.101.129.44
15.taboola.com	1912	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	641 B	151.101.129.44
mahasinsaif.banouta.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	61 kB	178.33.43.178
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	380 B	21 kB	216.239.32.178
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	525 B	694 B	142.250.74.132
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	8.0 kB	23.36.76.226
trc-events.taboola.com	1779	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	643 B	163 B	141.226.228.48
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	361 B	1.9 kB	104.18.21.226
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393 B	44 kB	142.250.74.168
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.162.110.205
images.taboola.com	1621	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	36 kB	151.101.129.44
secure-assets.rubiconproject.com	1057	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	553 B	293 B	104.85.187.217
api.viglink.com	4397	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.9 kB	2.0 kB	34.246.116.79
trc.taboola.com	602	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	1.1 kB	151.101.129.44
ups.analytics.yahoo.com	287	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	2.0 kB	3.126.56.137
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	6.3 kB	142.250.74.131
cdn.viglink.com	4113	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	371 B	29 kB	54.230.111.6
dnacdn.net	3760	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.1 kB	178.250.0.157
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	34 kB	34.120.237.76
imprammp.taboola.com	11978	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.2 kB	1.1 kB	151.101.129.44
eus.rubiconproject.com	556	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	952 B	11 kB	104.88.9.101
taboola-supply-partners.tremorhub.com	3369	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	484 B	34.192.165.142
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
stootsou.net	145219	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.8 kB	3.3 kB	139.45.197.250
vidstatb.taboola.com	8893	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	455 B	861 B	151.101.129.44
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	399 B	35 kB	216.58.207.234
twemoji.maxcdn.com	9109	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	376 B	21 kB	151.139.237.124

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-04	medium	stootsou.net	Sinkholed
2022-12-04	medium	stootsou.net	Sinkholed
2022-12-04	medium	stootsou.net	Sinkholed
2022-12-04	medium	datatechonert.com	Sinkholed
2022-12-04	medium	stootsou.net	Sinkholed
2022-12-04	medium	stootsou.net	Sinkholed
2022-12-04	medium	stootsou.net	Sinkholed

JavaScript (49)

	URL	Size	First Seen	Last Seen
	gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS	30 kB	2023-03-07	2023-03-26
Pretty URL gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS IP 178.250.0.157 ASN #44788 Criteo SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:23:23 Last Seen2023-03-26 04:43:03 Times Seen53 Hash d0427fd88e9741c2b20de62ba313a2e7 c3f76e44bdcb6b9e2958ebcae873382965b6941b bb789c36615ba0b66b8cc310e5965cdfe471714b935f1bff5516ff6999e711c5 Loading...

	mahasinsaif.banouta.net/t3-topic	103 B	2023-03-08	2023-03-08
Pretty URL mahasinsaif.banouta.net/t3-topic IP 178.33.43.178 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:18:56 Last Seen2023-03-08 16:18:56 Times Seen1 Hash ed18bc8698fb2fa28f799bc9b1191694 2d28ec14a648a4c85c74206004db4e34a5ddac8f f44589bfab2237ec69ec38248dccfb0135e255cddabcc6a84429e67ef9827238 Loading...

	tzegilo.com/stattag.js	13 kB	2023-03-08	2023-03-12
Pretty URL tzegilo.com/stattag.js IP 172.67.194.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:59 Last Seen2023-03-12 10:48:49 Times Seen1 Hash d0de06f954f7dedba242231b0ec4052d 188d75bb9077832384f889dd15584845790bc146 efae63871ebdeb69e7d64c6782924f72584f962d540b8c55237cba93c026af16 Loading...

	cdn.taboola.com/libtrc/userx.20221204-5-RELEASE.es6.js	18 kB	2023-03-08	2023-03-08
Pretty URL cdn.taboola.com/libtrc/userx.20221204-5-RELEASE.es6.js IP 151.101.129.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:57:29 Last Seen2023-03-08 16:42:24 Times Seen1 Hash f257084fa5d40369fd5095838cc508c9 8d00a209e8255599a2694a3ddfdc252435b99b19 a592fc702c894fe8931fbda0b24a43ce5bf3bffa1423ed3413e649caf75ed420 Loading...

	illiweb.com/rs3/66/frm/lang/notutf8-ar.js	75 kB	2023-03-07	2023-04-14
Pretty URL illiweb.com/rs3/66/frm/lang/notutf8-ar.js IP 104.21.63.213 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:52:20 Last Seen2023-04-14 22:27:46 Times Seen4 Hash 4a140cee443e4115b24e0cdb3fdd8fab a5be9fcbdaa30c36101c4754c08aef0fb1f383a0 744f2a3e4c6a3be1e929e19cd2578699c79ab9cc6cab7cb5e184ff74b194f2d5 Loading...

	mahasinsaif.banouta.net/t3-topic	51 B	2023-03-07	2024-04-19
Pretty URL mahasinsaif.banouta.net/t3-topic IP 178.33.43.178 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:51 Last Seen2024-04-19 17:26:25 Times Seen31 Hash 31413c1a0520f96981534f262a266579 ea3b9b49e90bd399a7042952268f01a95a3a405a d75199ccb2b6682e717ae84c96162eb5e341b62a189c22d1ad74fdcf6db27987 Loading...

	mahasinsaif.banouta.net/t3-topic	172 B	2023-03-07	2024-01-03
Pretty URL mahasinsaif.banouta.net/t3-topic IP 178.33.43.178 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-01-03 03:33:38 Times Seen36 Hash eac2977105f7afa338df42213637c7e8 b8da68cf1722f55c0013b2c642ff3315f8d03755 ee35e392c911a32615a69c87ae4dcf90dabcedb74b9b8f1df12010e4622e25a8 Loading...

	connect.topicit.net/scripts/connect.js	3.5 kB	2023-03-07	2024-04-19
Pretty URL connect.topicit.net/scripts/connect.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-04-19 17:26:26 Times Seen93 Hash df06f0c81b83b4161d3a2c843e71de58 ac09970aca15ee03496cbe68c2a2f06914e19855 39ce845fc0203d4cb00559dff89d9448765e0ebd65ebbaf76623cc9850827542 Loading...

	eus.rubiconproject.com/usync.js	34 kB	2023-03-08	2023-03-08
Pretty URL eus.rubiconproject.com/usync.js IP 104.88.9.101 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:56:23 Last Seen2023-03-08 16:43:51 Times Seen1 Hash 959f5ae6b9aa544c8c0420d8a55fb02e af518829d34b090ea640d7678480f293af4d1364 4b559bf24cc97ac1774400d06f497d65dadd2e66b96054280cc98009b12a196f Loading...

	gum.criteo.com/syncframe?origin=publishertag&topUrl=mahasinsaif.banouta.net#%7B%22uid%22:%7B%22origin%22:0%7D,%22lwid%22:%7B%22origin%22:0%7D,%22bundle%22:%7B%22origin%22:0%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22origin%22:0%7D,%22tld%22:%22banouta.net%22,%22topUrl%22:%22mahasinsaif.banouta.net%22,%22version%22:132,%22cw%22:true,%22lsw%22:true,%22origin%22:%22publishertag%22,%22requestId%22:%220.8067112629626866%22%7D	418 B	2023-03-07	2023-04-01
Pretty URL gum.criteo.com/syncframe?origin=publishertag&topUrl=mahasinsaif.banouta.net#%7B%22uid%22:%7B%22origin%22:0%7D,%22lwid%22:%7B%22origin%22:0%7D,%22bundle%22:%7B%22origin%22:0%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22origin%22:0%7D,%22tld%22:%22banouta.net%22,%22topUrl%22:%22mahasinsaif.banouta.net%22,%22version%22:132,%22cw%22:true,%22lsw%22:true,%22origin%22:%22publishertag%22,%22requestId%22:%220.8067112629626866%22%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:51:37 Last Seen2023-04-01 10:34:33 Times Seen447 Hash 755b312976dc0edb23fa08bed999c482 6685710ba04dc63e4122ec3ce89f3adfe479adf4 663197a6a8353d989cdc65d4f3112e425a00839c85a3fde99bbe451a9c604a6f Loading...

	cdn.taboola.com/libtrc/forumotion-ar/loader.js	180 kB	2023-03-08	2023-03-08
Pretty URL cdn.taboola.com/libtrc/forumotion-ar/loader.js IP 151.101.129.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:18:19 Last Seen2023-03-08 16:24:06 Times Seen1 Hash 4ce1aa58b1acafb9b4f2ae3522152e9b aef171ae77538edfe2ff3efb74ed8185d7420100 63b0e4c3be434a1f32d0aa593f6d3415c444d05ca2e47f8139c78065f368a645 Loading...

	mahasinsaif.banouta.net/t3-topic	112 B	2023-03-07	2023-04-05
Pretty URL mahasinsaif.banouta.net/t3-topic IP 178.33.43.178 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:33 Last Seen2023-04-05 02:10:30 Times Seen82 Hash e47ee79f740c9eae02464288746f765d 9f2a84ab535d0c773c2d822221917b26446c6d46 24ca2d2952aa702f4191a162f59fbad191c648e851dae7876434baf548af95a7 Loading...

	sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26	48 B	2023-03-07	2023-04-05
Pretty URL sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 IP 185.94.180.125 ASN #35220 SpotXchange, INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:17 Last Seen2023-04-05 02:10:58 Times Seen78 Hash 2d6ab7977318f2c31d62dda3dec46783 4ca6f92d639651501c71376b091a27310a802a08 0e83fa75cca53fdf9f015d488741d8b8678647f52211bcaed68d8d59900daea7 Loading...

	www.googletagmanager.com/gtag/js?id=UA-144347007-1	112 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=UA-144347007-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:18:56 Last Seen2023-03-08 16:24:06 Times Seen1 Hash 1aa3498cd177f2accfa9ea59ba4de179 59d96ab270db22cead0ab93a7e1f0fd7e2b9248b af153606640570956f4dde682c2209da4c02ab2d9866369fa8b84fe17327aefd Loading...

	illiweb.com/rs3/66/frm/jquery/cookie/jquery.cookie.js	1.0 kB	2023-03-07	2024-04-19
Pretty URL illiweb.com/rs3/66/frm/jquery/cookie/jquery.cookie.js IP 104.21.63.213 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-04-19 17:26:26 Times Seen152 Hash 12a485a250e60806fbe4ab8bd03dfbf8 ea48bc03bfb90a966f28d302992ec02fe55da978 6cf7880d67c712bb6f85f1dfa1d26ea5e0a7195130a3e42c8b441cdd1de77a90 Loading...

	illiweb.com/rs3/66/frm/embed/FA_Embed.js	277 B	2023-03-07	2024-01-20
Pretty URL illiweb.com/rs3/66/frm/embed/FA_Embed.js IP 104.21.63.213 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-01-20 22:09:05 Times Seen67 Hash 7c08b7f1da97c37b7680d6f879d7ed40 97f715f01a5bb9d07ec879e3b5e14a631b087740 432bb74f6f65f0b392e4b531804bf529db2f58fa1868537599097f408c02b481 Loading...

	mahasinsaif.banouta.net/t3-topic	70 B	2023-03-07	2024-04-19
Pretty URL mahasinsaif.banouta.net/t3-topic IP 178.33.43.178 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-04-19 17:26:26 Times Seen60 Hash 7d95955272fc06a396db4bf66d9d6247 1a4b36a4b619d7f680909d4e7f574f15d3542ee7 b03b4f9d334c2b312ee05154d8eedbc5a64ca9764bd0a795920e73faf4d874db Loading...

	mahasinsaif.banouta.net/t3-topic	139 B	2023-03-07	2023-10-01
Pretty URL mahasinsaif.banouta.net/t3-topic IP 178.33.43.178 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2023-10-01 10:50:16 Times Seen38 Hash 19e57056f1e5b06edac6b9654418f705 863dadea1e6158fea52bd8bfb1eab0cc13107c12 30f513144bf444457a7c1aadbe1e937ffe5d33eea89055ef9032f1aa9a2439eb Loading...

	mahasinsaif.banouta.net/t3-topic	102 kB	2023-03-08	2023-03-11
Pretty URL mahasinsaif.banouta.net/t3-topic IP 178.33.43.178 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:13 Last Seen2023-03-11 23:52:37 Times Seen1 Hash 4224657dcd443a3bd29476e92ab48558 d237d75a44e44df6826a0f3fe76a848de0599070 e3abef6168f06a92edfc05945cd2336f3ba3bb2719c3380393ec498e755c97fb Loading...

	sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26	24 B	2023-03-07	2023-04-05
Pretty URL sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 IP 185.94.180.125 ASN #35220 SpotXchange, INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:15 Last Seen2023-04-05 02:02:51 Times Seen38 Hash 1e3bd14d71f3caf020f1c1b6f17af5c0 6b2cbc5e57a49c3d549a2157110c55f4494766c1 228fd0ed6f7661bc06d1e5474fdc18de96880b002491b53a52ff12bf8ac50945 Loading...

	unknown	0 B	2023-03-07	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 06:12:02 Times Seen37112009 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	mahasinsaif.banouta.net/t3-topic	12 kB	2023-03-08	2023-03-08
Pretty URL mahasinsaif.banouta.net/t3-topic IP 178.33.43.178 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:18:57 Last Seen2023-03-08 16:18:57 Times Seen1 Hash 3cd41ff4dd44a847bd6c2a4eb142d976 f11cae1f1da28479df8e0fff944705fd281d1877 02a5c83902b058ff116f16d6c49a9d259a12d099a195ea8e4785810e1dc179f9 Loading...

	mahasinsaif.banouta.net/t3-topic	411 B	2023-03-07	2023-03-17
Pretty URL mahasinsaif.banouta.net/t3-topic IP 178.33.43.178 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:33 Last Seen2023-03-17 12:40:57 Times Seen1 Hash d8793ee455d156d658f5f70e3ed7bcf8 dc25bbd1fd938f37c21f5b4bc71e0fa6034756f8 db00250066a0114b9d8ed5e81abea3156e2f3b49a94e8685fcafe28ea6f54201 Loading...

	mahasinsaif.banouta.net/t3-topic	30 B	2023-03-07	2024-04-19
Pretty URL mahasinsaif.banouta.net/t3-topic IP 178.33.43.178 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-04-19 17:26:26 Times Seen63 Hash 4ece280a19c04007f1c61ee38cfc055b c425f44785e505687647cd153db2f5d6e947b85c da7ba30ac2306369b237659657949a1d5fad24e99a97245319bac3b5a8bfddac Loading...

	cdn.viglink.com/api/vglnk.js	83 kB	2023-03-07	2023-03-17
Pretty URL cdn.viglink.com/api/vglnk.js IP 54.230.111.6 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2023-03-17 12:55:08 Times Seen1 Hash 00f6ad35e2ff4f8886dae67b1dd697e6 347d57d6b53509fd87982d06e9f6c3d350cf3f34 73073ed7160406dcfbe826dcabd7ec807cf2aa72afe0303424f518767120cf2e Loading...

	cdn.taboola.com/scripts/cds-pips.js	3.5 kB	2023-03-08	2023-12-05
Pretty URL cdn.taboola.com/scripts/cds-pips.js IP 151.101.129.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:30 Last Seen2023-12-05 04:26:05 Times Seen293 Hash 383fa66d2a0a09f4a6e64a9593ad43bb 62d7b071d7ec77027d27887803cce960e211f69d 3e7d49f24d56db02c7baca8ae3a17555c2e527571450e8c24c77b453407e267a Loading...

	mahasinsaif.banouta.net/t3-topic	474 B	2023-03-07	2024-04-19
Pretty URL mahasinsaif.banouta.net/t3-topic IP 178.33.43.178 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-04-19 17:26:25 Times Seen76 Hash 5dc2d1991479eee96d79b825b4ed452f bc3983969f797596e3e7f3dd21c5fa6e6106991c 4f479e3c2a795d192a8b82d1ac992bb6a2e7e1f65b8bbd808d5e5a2ff0cebaff Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-27
Pretty URL www.google-analytics.com/analytics.js IP 216.239.32.178 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-27 02:03:36 Times Seen1536 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	gum.criteo.com/syncframe?origin=publishertag&topUrl=mahasinsaif.banouta.net#%7B%22uid%22:%7B%22origin%22:0%7D,%22lwid%22:%7B%22origin%22:0%7D,%22bundle%22:%7B%22origin%22:0%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22origin%22:0%7D,%22tld%22:%22banouta.net%22,%22topUrl%22:%22mahasinsaif.banouta.net%22,%22version%22:132,%22cw%22:true,%22lsw%22:true,%22origin%22:%22publishertag%22,%22requestId%22:%220.8067112629626866%22%7D	14 kB	2023-03-07	2023-05-06
Pretty URL gum.criteo.com/syncframe?origin=publishertag&topUrl=mahasinsaif.banouta.net#%7B%22uid%22:%7B%22origin%22:0%7D,%22lwid%22:%7B%22origin%22:0%7D,%22bundle%22:%7B%22origin%22:0%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22origin%22:0%7D,%22tld%22:%22banouta.net%22,%22topUrl%22:%22mahasinsaif.banouta.net%22,%22version%22:132,%22cw%22:true,%22lsw%22:true,%22origin%22:%22publishertag%22,%22requestId%22:%220.8067112629626866%22%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:51:36 Last Seen2023-05-06 00:14:31 Times Seen2035 Hash 49e65b540d43d40997ce3844d41b2dd0 b7331c5edc086ee2c7731b1b36e937e7c44450a7 f185c1b78d87a007d9492a85c6ce64c06cc851ef9f13ca3caf8aaafe243b0ac2 Loading...

	vidstat.taboola.com/lite-unit/3.9.8/UnitWidgetItemDesktop.min.js	106 kB	2023-03-08	2023-03-14
Pretty URL vidstat.taboola.com/lite-unit/3.9.8/UnitWidgetItemDesktop.min.js IP 151.101.129.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:30 Last Seen2023-03-14 19:26:20 Times Seen1 Hash 1842444d4bb92087143326a4d508875d c14065d1e7b20499d92b09e7da19929570fe2099 e9008fe282850688d5c8544707e9d97ff6d737ee6791afc1d60448750a451b0a Loading...

	stootsou.net/pfe/current/tag.min.js?z=2308013	15 kB	2023-03-08	2023-03-11
Pretty URL stootsou.net/pfe/current/tag.min.js?z=2308013 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:13 Last Seen2023-03-11 23:52:36 Times Seen1 Hash 191ea99ed07a7fe90b457168edd25141 0ace741f1e05b34e1e266360de25d4c29facd2e1 f28c7f29111515de23861d74072c7f60e4a06965c91476e8d7d3409062d9d358 Loading...

	cdn.betgorebysson.club/apu.php?zoneid=3765907	78 kB	2023-03-08	2023-03-08
Pretty URL cdn.betgorebysson.club/apu.php?zoneid=3765907 IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:18:57 Last Seen2023-03-08 16:18:57 Times Seen1 Hash c80fd4104be4d90af9cd2ba164b51a7b 09bd43f9f4f0956bd7261f0c7edacabb543d668e 26657f3faae3c116abbc30a6899b23a360213b2697e8759032882859852d5c1f Loading...

	cdn.taboola.com/libtrc/cta-component.20221204-5-RELEASE.es6.js	19 kB	2023-03-08	2023-03-08
Pretty URL cdn.taboola.com/libtrc/cta-component.20221204-5-RELEASE.es6.js IP 151.101.129.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:59:04 Last Seen2023-03-08 16:42:24 Times Seen1 Hash 3d57420ee8058c5dd7c6af7bcddf9500 52682c5d9ecd7bcb14b8431a8a0a1a504f7714cc bdf53966918c241f78c5773e8464d601b7ad7b5046b9dffb95c648447baed79e Loading...

	vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js	440 kB	2023-03-08	2023-03-11
Pretty URL vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js IP 151.101.129.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:18:57 Last Seen2023-03-11 11:44:10 Times Seen1 Hash 0502215fbbb41298009e9fd896c2a4a5 2495d5d47d076aff9d3ed2b89c1f6c435521b2c9 b9b137b2b93ccf4fcef4bb675d669c142ff4bb73060d285394dc10258797e8ee Loading...

	static.criteo.net/js/ld/publishertag.js	124 kB	2023-03-08	2023-11-06
Pretty URL static.criteo.net/js/ld/publishertag.js IP 178.250.0.130 ASN #44788 Criteo SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:24:18 Last Seen2023-11-06 11:27:56 Times Seen9 Hash 2368015de456ee305017059e5da20f56 894123fc4bc72430f714b694174f8fd4ff12a052 87f31cded62015a1d11cce6be7a32b77405de2fb36f4b8a7c2c5a4ccabd6a403 Loading...

	mahasinsaif.banouta.net/t3-topic	514 B	2023-03-07	2024-04-19
Pretty URL mahasinsaif.banouta.net/t3-topic IP 178.33.43.178 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-04-19 17:26:25 Times Seen76 Hash 761d2d805f480411fa88e7662492769d c28ca142719025edf8996ac2897d036fc0c2a76e 0ee1b0b1b1b4667a2fd2983949d1c4b6aaaca435394712789388747cbe3d6d53 Loading...

	mahasinsaif.banouta.net/t3-topic	491 B	2023-03-08	2023-03-08
Pretty URL mahasinsaif.banouta.net/t3-topic IP 178.33.43.178 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:18:57 Last Seen2023-03-08 16:18:57 Times Seen1 Hash fe03a7a201817fcced38c97fa6988e8a 839df0ff2dce85e6cc7865fb0da9042dc611e937 176008e7bb9efe579a7d8b5ed80f1e38cd9cea0de388ecbebd6dd3658eb8303e Loading...

	mahasinsaif.banouta.net/t3-topic	322 B	2023-03-07	2024-01-03
Pretty URL mahasinsaif.banouta.net/t3-topic IP 178.33.43.178 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-01-03 03:33:38 Times Seen34 Hash 9c1735e3df55bb348b1933b393c67c48 403dcbd4b806d5a2e34b6f8497bd030234ca658b 2e47dc28efa9586f4ce6e8db3258f7b8bd70bf0683c210aa2b135acfd38eefa4 Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js	95 kB	2023-03-07	2024-04-26
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js IP 216.58.207.234 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:23 Last Seen2024-04-26 17:42:43 Times Seen13796 Hash b8d64d0bc142b3f670cc0611b0aebcae abcd2ba13348f178b17141b445bc99f1917d47af 47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4 Loading...

	vidstat.taboola.com/vpaid/units/32_4_5/infra/cmTagWIDGET_ITEM.js	739 kB	2023-03-08	2023-03-08
Pretty URL vidstat.taboola.com/vpaid/units/32_4_5/infra/cmTagWIDGET_ITEM.js IP 151.101.129.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:18:57 Last Seen2023-03-08 16:18:57 Times Seen1 Hash f6bb43c8763b2344ca2ccd6550d139b0 91d35fb9261197558f77966c7af6cbd24ac288bf 48a471d306e290e40c881f74e590fc7d91a62525361da47fa149a020f423e079 Loading...

	twemoji.maxcdn.com/twemoji.min.js	15 kB	2023-03-07	2023-03-17
Pretty URL twemoji.maxcdn.com/twemoji.min.js IP 151.139.237.124 ASN #12989 StackPath LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2023-03-17 12:40:56 Times Seen1 Hash 0e7562d46a4d2db5e27e0d8ece11622a 038fc48367c0055aff024fb128062181f1b4413b 637282f23b8352c04ecc9dd7b4e1ffb23f8102517d010afaa447b2fb889b689e Loading...

	mahasinsaif.banouta.net/t3-topic	263 B	2023-03-07	2024-01-03
Pretty URL mahasinsaif.banouta.net/t3-topic IP 178.33.43.178 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-01-03 03:33:38 Times Seen36 Hash ef8b50accfd60bbe469f135147911168 ff6c86cd05950889a2e4b1f70655e153c561577e 9a0d1233f8889ad529c9fdd86b379ba5a08dd71ba3939a2206f3e03659965d58 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 15cc84623c8aba3b12c22188fdab6689	80 B	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 16:18:57 Last Seen2023-03-08 16:18:57 Times Seen1 Hash 15cc84623c8aba3b12c22188fdab6689 071e513b592986e99d94cf68c8461faddf2d888c 922834fb5153b9d302bbe863aaa9eb6d881eb7d2715623b216530dffeee254fe Loading...

	#2 Eval - ae53a2fd7d7a046b3097af2f274aa310	27 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 16:18:57 Last Seen2023-03-08 16:18:57 Times Seen1 Hash ae53a2fd7d7a046b3097af2f274aa310 ea7714e483ba832b9c559a30a7932d574f96d788 85f04e0ff1e6d132fede438a7205a73b5f9765d63bec4bf35eaa7e61b45f25cd Loading...

	#3 Eval - 73497a37c3561adbd8ce84e4f017b368	9 B	2023-03-07	2024-04-27
Pretty Observations First Seen2023-03-07 01:03:23 Last Seen2024-04-27 01:51:29 Times Seen2164 Hash 73497a37c3561adbd8ce84e4f017b368 9193ae73cb3dd2833be8c942714d5544bfb628c9 9312a1adbbf0a4c05fc296d158ec3bd39acfe50e9e98ff02688139aad6fc3351 Loading...

	#4 Eval - 269f96b5bd4df6937a8bca51912e5879	27 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 16:18:57 Last Seen2023-03-08 16:18:57 Times Seen1 Hash 269f96b5bd4df6937a8bca51912e5879 229e3bd4b825e586c3ee69ce0d27913c95fb5c89 74ac8ddf8cec19332713a552d540f22693749cf7d6221fb786f7244d6b02a31a Loading...

	#5 Eval - 37cd3bd2adbd29e7fafaf20f77f4bf43	18 B	2023-03-07	2024-04-15
Pretty Observations First Seen2023-03-07 01:02:19 Last Seen2024-04-15 12:57:44 Times Seen656 Hash 37cd3bd2adbd29e7fafaf20f77f4bf43 d4a665f4bf3dc9a6f3ea3a55c50c5a37c6bd05f5 0f3342bc14063d9ed7a669eb067b50ea17b2cb7dcb51968939b72fa9ac862d91 Loading...

		Size	First Seen	Last Seen
	#1 Write - 90be6fababd84ead318f6ebd34f25269	104 B	2023-03-07	2023-10-01
Pretty Observations First Seen2023-03-07 01:40:33 Last Seen2023-10-01 10:50:16 Times Seen38 Hash 90be6fababd84ead318f6ebd34f25269 e689a91041b2214c8d0eb98e1b0b701a8134c830 147f74332da8a3a6025c02528aa92901c92553e8066a4924adf0b4d08a8439fc Loading...

	#2 Write - 2d6673eded37338627f4fc432783fc4d	759 B	2023-03-07	2023-05-06
Pretty Observations First Seen2023-03-07 12:04:33 Last Seen2023-05-06 00:14:31 Times Seen121 Hash 2d6673eded37338627f4fc432783fc4d bb226d552cec5533fb1d7fd8b486efa856d7f333 a7e9c7904cd65627b33964bbb90839a2fa154c33d9c353413da6dcdc4fba2295 Loading...

HTTP Transactions (153)

URL IP Response Size

mahasinsaif.banouta.net/t3-topic

178.33.43.178

301 Moved Permanently

0 B

URL HTTP/1.1
mahasinsaif.banouta.net/t3-topic
IP
178.33.43.178:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /t3-topic HTTP/1.1
Host: mahasinsaif.banouta.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sun, 04 Dec 2022 21:59:20 GMT
Content-Length: 0
Location: https://mahasinsaif.banouta.net/t3-topic

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10736
Expires: Mon, 05 Dec 2022 00:58:16 GMT
Date: Sun, 04 Dec 2022 21:59:20 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6438
Cache-Control: max-age=137954
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 12:18:35 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6693
Expires: Sun, 04 Dec 2022 23:50:54 GMT
Date: Sun, 04 Dec 2022 21:59:21 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 21:18:24 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2457
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: e6Bw3d31x2xvq5Z6qXBTAeaJtmc/qPm8fVkfkB7PmZ1cRorgQMZCc/WOoghaN/lYM3/MI5wKI2Q=
x-amz-request-id: DF9KXXXGE7590P4S
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 21:47:08 GMT
age: 733
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e42d13f47e297565238788c921eeb3fe
f34388c1d3e0a38709411a273e1a977c21a66705
52742f508d58a4d741b7b7734c6696e8c15b51b8482e8a0d1188bd30fcfc6c48

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52742F508D58A4D741B7B7734C6696E8C15B51B8482E8A0D1188BD30FCFC6C48"
Last-Modified: Sat, 03 Dec 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21508
Expires: Mon, 05 Dec 2022 03:57:49 GMT
Date: Sun, 04 Dec 2022 21:59:21 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 21:11:19 GMT
cache-control: public,max-age=3600
age: 2882
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6426
Cache-Control: max-age=132876
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 10:53:57 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
3fd55ba1010364a283f9c432c6470647
eb4e6d82fde6efc9d200b766fe4de2993e2d68dd
79dcee92d3e1294461db25d44af59ce83cfd03d4a63569d54152af7e1fd2e415

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1500
Cache-Control: max-age=115358
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638c31fb-117"
Expires: Tue, 06 Dec 2022 06:01:59 GMT
Last-Modified: Sun, 04 Dec 2022 05:36:59 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
3fd55ba1010364a283f9c432c6470647
eb4e6d82fde6efc9d200b766fe4de2993e2d68dd
79dcee92d3e1294461db25d44af59ce83cfd03d4a63569d54152af7e1fd2e415

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1500
Cache-Control: max-age=115358
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638c31fb-117"
Expires: Tue, 06 Dec 2022 06:01:59 GMT
Last-Modified: Sun, 04 Dec 2022 05:36:59 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
3fd55ba1010364a283f9c432c6470647
eb4e6d82fde6efc9d200b766fe4de2993e2d68dd
79dcee92d3e1294461db25d44af59ce83cfd03d4a63569d54152af7e1fd2e415

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5674
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Last-Modified: Sun, 04 Dec 2022 20:24:47 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279

ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

216.58.207.234

200 OK

34 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
IP
216.58.207.234:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Size
34 kB (33845 bytes)
Hash
d989f35706c62ce4a5c561586c55566e
d32e7958e5765609bf08dcdefd0b2c2a8714ce34
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716

HTTP Headers

GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33845
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 18:40:06 GMT
expires: Wed, 29 Nov 2023 18:40:06 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 443955
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
acbbda771733a0530d8384099cbc99db
c6191c527c78e46abb63163cc60c2f710eb5b961
dddf7f258a4c7fabda74fa8ac771d5043afc20fb7bee458d1f0aaabd1462cc35

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6414
Cache-Control: max-age=93290
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638bc895-118"
Expires: Mon, 05 Dec 2022 23:54:11 GMT
Last-Modified: Sat, 03 Dec 2022 22:07:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
acbbda771733a0530d8384099cbc99db
c6191c527c78e46abb63163cc60c2f710eb5b961
dddf7f258a4c7fabda74fa8ac771d5043afc20fb7bee458d1f0aaabd1462cc35

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2899
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638bc895-118"
Last-Modified: Sun, 04 Dec 2022 21:11:02 GMT
Server: ECS (amb/6BB6)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

727 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
727 B (727 bytes)
Hash
81b4d5cf042f5a919ebe8d75b97c3a25
cc17f00660238f9033eb3b715562999f5b8b58d3
b2c58906fca9fec5cf5ae5ee89db3d14e53e99514b361835c99353d3d902bd2a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3220
Cache-Control: max-age=159204
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638cd689-2d7"
Expires: Tue, 06 Dec 2022 18:12:45 GMT
Last-Modified: Sun, 04 Dec 2022 17:19:05 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 727

ocsp.digicert.com/

93.184.220.29

200 OK

312 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
312 B (312 bytes)
Hash
1c5a280d130588f4098f759d4606e5b7
6ee703f50768d46afbe70cc014963ff56b8a04a3
0e44cc312aad8320de54cb8c8438ea503090c3b61b7240d2b466b8ef9ac704a3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6308
Cache-Control: max-age=91744
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638bc2f5-138"
Expires: Mon, 05 Dec 2022 23:28:25 GMT
Last-Modified: Sat, 03 Dec 2022 21:43:17 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 312

www.googletagmanager.com/gtag/js?id=UA-144347007-1

142.250.74.168

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-144347007-1
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (43635 bytes)
Hash
7394f5efc2066edb47c804c2c4761abe
b4cb6023843f40023aa6362ba284c20fe755a2cb
83ecc8534e141da3c4d489b95c5cf128c6258780520fbfb5c5482ab53adcdbb6

HTTP Headers

GET /gtag/js?id=UA-144347007-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 Dec 2022 21:59:21 GMT
expires: Sun, 04 Dec 2022 21:59:21 GMT
cache-control: private, max-age=900
last-modified: Sun, 04 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43635
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

mahasinsaif.banouta.net/0-rtl.css

94.23.159.185

200 OK

55 kB

URL HTTP/2
mahasinsaif.banouta.net/0-rtl.css
IP
94.23.159.185:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size
55 kB (54736 bytes)
Hash
381c82b46a7a0132c79b3d1a5f79ef65
1cef0f49d7114f3ae5bae00e7f1860f89e6013e7
950a073387a526d6217821075cdbb709f8737beef0bfded67bd3d440a8acf09d

HTTP Headers

GET /0-rtl.css HTTP/1.1
Host: mahasinsaif.banouta.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/t3-topic
Cookie: exadd=167020
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: text/css
content-length: 54736
last-modified: Sun, 04 Dec 2022 00:00:00 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: HIT
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
3fd55ba1010364a283f9c432c6470647
eb4e6d82fde6efc9d200b766fe4de2993e2d68dd
79dcee92d3e1294461db25d44af59ce83cfd03d4a63569d54152af7e1fd2e415

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1500
Cache-Control: max-age=115358
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638c31fb-117"
Expires: Tue, 06 Dec 2022 06:01:59 GMT
Last-Modified: Sun, 04 Dec 2022 05:36:59 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279

2img.net/i/fa/prosilver_grey/icon_gallery.gif

104.21.235.175

200 OK

158 B

URL HTTP/2
2img.net/i/fa/prosilver_grey/icon_gallery.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 14 x 14\012- data
Size
158 B (158 bytes)
Hash
68f80233b8287fc372dedca95f5feecb
2d573bda699c5371df6cca6d60b7b15f366b43f1
738434c1e4324d4e0b386a7f307b953d062ed1154c6fe3c6b4286966c809ba4b

HTTP Headers

GET /i/fa/prosilver_grey/icon_gallery.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: image/gif
content-length: 158
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-9e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 561598
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bchsMgvg3NYxAo0q9CLlY0aI5sZFalgA1mZuysCL%2B4VqRIrGix%2FBH57uHspLsPXzKbmPxnGUUned2oV%2Bj9lwDQ1Hym1kj9gjSnoDglwZsmu0EY5fKZmEwrIqMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a390488aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/i/empty.gif

104.21.235.175

200 OK

43 B

URL HTTP/2
2img.net/i/empty.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

HTTP Headers

GET /i/empty.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 09 May 2016 08:45:50 GMT
etag: "57304e3e-2b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 562132
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z2WSRqoSr0P5r68wJKjZy4PyalD5cZt93%2B6nFPBLTz74dY9%2BDsG8zD2BhG%2FIQkABoy8%2BCzTyDd%2FOczloVI1qdS48LveqcAV%2BCtd0xC5Ww4kwXmF5eGLPUzVqzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a390288aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/s/t/10/02/41/i_icon_mini_login.gif

104.21.235.175

200 OK

865 B

URL HTTP/2
2img.net/s/t/10/02/41/i_icon_mini_login.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 87a, 75 x 32\012- data
Size
865 B (865 bytes)
Hash
be13ff517b557ebf5f4882822017b728
d5754bca183cfb7199199418cb174eef8d6f7c0e
82bd8b96a815940acd9edcc0dd6a3ffc88a129637ffbb58c8a45d48552dbba08

HTTP Headers

GET /s/t/10/02/41/i_icon_mini_login.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: image/gif
content-length: 865
last-modified: Wed, 27 Oct 2010 13:42:57 GMT
etag: "4cc82c61-361"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IdASHmAZoReHE7HVkMIgoGAErlMZkamYMuLUTEqq6mTZRcEaZoN7G1ekwme%2FV4%2Fofx%2BuzvyV7iYfMBTKtbxFVuBYETJLXSv7pr3P%2B1bB1Q5dJi32OUSK6pErKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a390188aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/s/t/10/02/41/i_icon_mini_register.gif

104.21.235.175

200 OK

890 B

URL HTTP/2
2img.net/s/t/10/02/41/i_icon_mini_register.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 87a, 75 x 32\012- data
Size
890 B (890 bytes)
Hash
c204b0d8d2270062a270dbbb47cf600b
dd18b55d4fd3a15f910f871ad59e2788b4dd04ad
85af93310afe9f9041854259f9c97017a79a1fefe3776f72c58da293bd63911e

HTTP Headers

GET /s/t/10/02/41/i_icon_mini_register.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: image/gif
content-length: 890
last-modified: Wed, 27 Oct 2010 13:42:57 GMT
etag: "4cc82c61-37a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6zj%2BKVp%2BsG%2FtpwJW7eepOwfE5GDjiKlOrbjREt2SaJHH3aAhrBSTpw1n8MOerGgsgSfVQoZ3YcMB8xHJ6t9PDQWUkmlceS28k%2Fpi74%2B8kUtBtDFTTX7vyVzFOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a390788aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/s/t/10/02/41/i_icon_minitime.gif

104.21.235.175

200 OK

137 B

URL HTTP/2
2img.net/s/t/10/02/41/i_icon_minitime.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 17 x 16\012- data
Size
137 B (137 bytes)
Hash
9594657f7f7cb3ecd339dd48e085eac7
98f596ff359e52f86be44e38cbb3eddc0f36c577
4e1e2b589ee5d2fb8cab8983f1aae941fd91b19e9bbb3c110a934bbdbfc71c04

HTTP Headers

GET /s/t/10/02/41/i_icon_minitime.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: image/gif
content-length: 137
last-modified: Wed, 27 Oct 2010 13:42:58 GMT
etag: "4cc82c62-89"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kVwjeMVxPWIa%2FOT1MQ4%2F1t9lPdnHmX1XpoEg7Ssv1zyx9YcvDwiU1QpUKtblqyD2qRcc4LdJp6RWPARj%2BkNuPMH5ZHXj2oX%2BVjv5gvCcLrIBrIfqljUxC9OV0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a38fd88aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/s/t/10/02/41/i_icon_mini_portal.gif

104.21.235.175

200 OK

888 B

URL HTTP/2
2img.net/s/t/10/02/41/i_icon_mini_portal.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 87a, 75 x 32\012- data
Size
888 B (888 bytes)
Hash
8a9e8b5fc6bc18621d4413e1b547c285
a6e11e42ba592edd1106bf4ac51ed1f32757031f
afcdcdc73a3b71608a0577dcd1e3ab64d53fc5e1cfbe526950186ce03ab4594f

HTTP Headers

GET /s/t/10/02/41/i_icon_mini_portal.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: image/gif
content-length: 888
last-modified: Wed, 27 Oct 2010 13:42:57 GMT
etag: "4cc82c61-378"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Dv63c0x02DK0bfotK7qMg8wm%2BpddlHyjG0awA3rae3u08j9ZCro%2BMTah8VzEvH2BKR4Py6o8p9HBvcxt6tYSHu7yfnEWF8ktWj8QyrTxC8GV2TgbeqYOy1nRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a390688aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.162.110.205

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.162.110.205:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: KXWPg5lL9F827+CIqVMnNg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ubZSippP9kWYGjKtjTDCvaTDSJk=

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
acbbda771733a0530d8384099cbc99db
c6191c527c78e46abb63163cc60c2f710eb5b961
dddf7f258a4c7fabda74fa8ac771d5043afc20fb7bee458d1f0aaabd1462cc35

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6415
Cache-Control: max-age=93290
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:22 GMT
Etag: "638bc895-118"
Expires: Mon, 05 Dec 2022 23:54:12 GMT
Last-Modified: Sat, 03 Dec 2022 22:07:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280

2img.net/s/t/10/02/41/i_icon_mini_index.gif

104.21.235.175

200 OK

897 B

URL HTTP/2
2img.net/s/t/10/02/41/i_icon_mini_index.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 87a, 75 x 32\012- data
Size
897 B (897 bytes)
Hash
d8dff566e79041d27b89c1b8d890e754
bd6f50289c4ea027c653535728b79b2a5a9d8d73
54531c2c1ea88999f6ea1e930eea9a53bb2c9c66e6726bed3bd5c4b388cbc31d

HTTP Headers

GET /s/t/10/02/41/i_icon_mini_index.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: image/gif
content-length: 897
last-modified: Wed, 27 Oct 2010 13:42:58 GMT
etag: "4cc82c62-381"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s0N%2FN2yN2SjOTbty8L1RA564%2F9NyzC0DhkHNX4EJG0R2WpUG%2BTC5xUjOxMFN9UhYysOh0DvDemCFz1naV4lk7GmYPKHEfiHzIpul5tYMd8CspzhuSP5kenPwmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a390388aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d3e8f4315487d14d256974b0de698bd6
b95e16294a0ce9bceab933b34b21d8878a1449bf
6953f31da4312fdb9b7b30b7add9e86d1b9f331c48b187f915e9cde8b1668859

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6953F31DA4312FDB9B7B30B7ADD9E86D1B9F331C48B187F915E9CDE8B1668859"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3033
Expires: Sun, 04 Dec 2022 22:49:55 GMT
Date: Sun, 04 Dec 2022 21:59:22 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
8b839bec32f7b79c6fea79eef3c39eaf
e78ff3339301c487eb72d61eeafa61fc02ce5012
f4630ec53ba02868a55d568264fa0c2715ce825558bb74d070dcac5ee49bb31c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6377
Cache-Control: max-age=140024
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:22 GMT
Etag: "638c7f49-139"
Expires: Tue, 06 Dec 2022 12:53:06 GMT
Last-Modified: Sun, 04 Dec 2022 11:06:49 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313

illiweb.com/rs3/66/frm/embed/FA_Embed.js

104.21.63.213

200 OK

9.9 kB

URL HTTP/2
illiweb.com/rs3/66/frm/embed/FA_Embed.js
IP
104.21.63.213:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
9.9 kB (9925 bytes)
Hash
27d03ca4f92465463d636a10f3d09f1f
da827fe97360aeb67ef891ae33b5fbd601aa82da
ed0b8e6e9aa58bf9a2bb60e7c94b6a1947bfafa984934127f424d8189a47b775

HTTP Headers

GET /rs3/66/frm/embed/FA_Embed.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:22:27 GMT
last-modified: Tue, 20 Apr 2021 14:17:00 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 995814
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r8udPw%2FTv4Z9SkvT0vE6w7Nd6luK5yjpaOfJaEc3KWaeFAtSxoAwGvD6cPgD8BvZSyuOWYnq9ZDiVYZTG0a78x3vi7BQDAp7yWFHyn1T6OpUUtiFeszKmLOyQXvTzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf09e8eb0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

illiweb.com/rs3/66/frm/jquery/cookie/jquery.cookie.js

104.21.63.213

200 OK

1.6 kB

URL HTTP/2
illiweb.com/rs3/66/frm/jquery/cookie/jquery.cookie.js
IP
104.21.63.213:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1011), with no line terminators
Size
1.6 kB (1625 bytes)
Hash
0e9f35775e7cb247a528509b2736a551
9dd26946266ffbe8b20f6374b5669f0d0b984080
346eae9def070cae2f55d0bf31aa1e6c4975f054df744773f65ac58a072beff8

HTTP Headers

GET /rs3/66/frm/jquery/cookie/jquery.cookie.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:22:23 GMT
last-modified: Wed, 09 Sep 2020 09:40:28 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 995818
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tx6wQqBvmOc1lIfmaRMDFJZFa3ya3QzjeHXw%2BI9jjZroSQ8eTYvHr3anFrb%2BHY8ShJzkvGWFkjozKHnklEwsA05NW6tJAj37WRPorXE9gRrIv6lWFGhZlrMDmQWK2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a19200b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.viglink.com/api/vglnk.js

54.230.111.6

200 OK

29 kB

URL HTTP/2
cdn.viglink.com/api/vglnk.js
IP
54.230.111.6:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (693)
Size
29 kB (28567 bytes)
Hash
072eaf64a771815874455704fca9301b
6c6226d00f14bb800cd4390b3cd42df941be43b1
bb35c8c300bd1acfe7ed86eb988f74ff2e8d86a4fb0409c5d78a890f9fd14b8e

HTTP Headers

GET /api/vglnk.js HTTP/1.1
Host: cdn.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript
content-length: 28567
last-modified: Wed, 02 Dec 2020 18:57:12 GMT
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
date: Wed, 30 Nov 2022 16:53:51 GMT
cache-control: public, max-age=604800
etag: "072eaf64a771815874455704fca9301b"
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jRc_HHSdHYvX7-e_ehZJlFcHl__qyiq_sd3N0CHaS4P1gKHAbFoR9Q==
age: 363931
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

216.239.32.178

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
216.239.32.178:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 04 Dec 2022 20:46:55 GMT
expires: Sun, 04 Dec 2022 22:46:55 GMT
cache-control: public, max-age=7200
age: 4347
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=mahasinsaif.banouta.net&var=&ymid=&var_3=

139.45.197.250

200 OK

758 B

URL HTTP/2
stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=mahasinsaif.banouta.net&var=&ymid=&var_3=
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (757)
Size
758 B (758 bytes)
Hash
01694ba3bbaca5b87e82fb16cfc109f7
7d3c774bc3e6646550ccc1f4df7842cc23de603e
b299c8357d59fc504f69e8c6835be1945d0af31d21db727721bf4681c3ae0d34

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /zone?pub=0&zone_id=2308013&is_mobile=false&domain=mahasinsaif.banouta.net&var=&ymid=&var_3= HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/json; charset=utf-8
content-length: 758
x-trace-id: 75919edd1da563dfcbe81eaf33a2415e
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/forumotion-ar/loader.js

151.101.129.44

200 OK

25 kB

URL HTTP/2
cdn.taboola.com/libtrc/forumotion-ar/loader.js
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (65498)
Size
25 kB (25343 bytes)
Hash
89d32c791c97d8cc6581d18ba08c37fd
ebb36de9cf125714cb2173ecd255671d1ed3c24b
f0ac1545dc3d63aba60185c29f1b5f57e90172fc75d02f8028d866b70ce1b1ac

HTTP Headers

GET /libtrc/forumotion-ar/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: DLluyGnC1xDYt2a+kJQyFKK9H2xkcfp/qZ84RLUZoYLCPZ+1POiLYMLhG1OFjtzcWLJ2CSJCMwU=
x-amz-request-id: XZE36HPYXP5NVRCS
last-modified: Sun, 04 Dec 2022 11:07:05 GMT
etag: "4ce1aa58b1acafb9b4f2ae3522152e9b"
x-amz-version-id: HGeyL_.MBNtV9nwEV7JtR0Xc2rmgdTYa
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:22 GMT
via: 1.1 varnish
age: 46
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670191162.482033,VS0,VE1
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 84
content-length: 25343
X-Firefox-Spdy: h2

bidder.criteo.com/cdb?ptv=132&profileId=206&cb=86056040041

178.250.0.165

200 OK

161 B

URL HTTP/2
bidder.criteo.com/cdb?ptv=132&profileId=206&cb=86056040041
IP
178.250.0.165:0
ASN
#44788 Criteo SA

File type
JSON data\012- , ASCII text, with no line terminators
Size
161 B (161 bytes)
Hash
69a5a036ca1c6e10ac84a5c32b187c6e
12455d8017dd2bb941a54f41eb25ca974557fd71
ceaf6ce4bdb9ddd2d298f442981f518f0a98153c71ab369faa81e191d2b139f7

HTTP Headers

POST /cdb?ptv=132&profileId=206&cb=86056040041 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 570
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://mahasinsaif.banouta.net
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 161
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
a9f82178f4a7dccd4bf4fb84170e3fa7
54ad9cb2fd1e5c31a13ac377b445de55ec7df58a
3b826b406a9db81555b54fad48ebecaf45414ef3119e0be8635c54a02615ec88

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6280
Cache-Control: max-age=163719
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:22 GMT
Etag: "638cdc39-139"
Expires: Tue, 06 Dec 2022 19:28:01 GMT
Last-Modified: Sun, 04 Dec 2022 17:43:21 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313

dnacdn.net/dna

178.250.0.157

200 OK

0 B

URL HTTP/2
dnacdn.net/dna
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=PG7pZl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPZ3RjZEJKVUZRVUdnNk9sUGpqTjclMkJ6; expires=Fri, 29 Dec 2023 21:59:22 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 157165
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/impl.20221204-5-RELEASE.js

151.101.129.44

200 OK

147 kB

URL HTTP/2
cdn.taboola.com/libtrc/impl.20221204-5-RELEASE.js
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (65509)
Size
147 kB (146692 bytes)
Hash
44011b5dd14e2f62cd293736e61bfd5d
de3c2fe115b850c1e3e98fe3f7535b25cb1d3c60
b3afb4ddb950f8d47f69dc4d767ab42575b6ac181266b74bf47f62db718d1b78

HTTP Headers

GET /libtrc/impl.20221204-5-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: CjI7dNb7Sm2ieogl+FR+2lgv4og9KWqPbaVSss7gfMGqV7gCClnQ5mltb5VDFGjCpsQ2jYBvHZE=
x-amz-request-id: 4J772X8ZNY05ZTSH
last-modified: Sun, 04 Dec 2022 10:58:02 GMT
etag: "44011b5dd14e2f62cd293736e61bfd5d"
content-encoding: br
x-amz-version-id: FCB4xk7W.ZTqnSlYrGqFWfqH44s.QC5m
content-type: application/javascript
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:22 GMT
via: 1.1 varnish
age: 10871
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 9832
x-timer: S1670191163.634560,VS0,VE0
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 15
server: AmazonS3-br
content-length: 146692
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
ee00ac7a24f2be13f49a39c476f9f707
98a87636f9dbd123b21b0c4adf164c68603da8ba
6edf8fd4b338be0cfa4ce5fd22a6adc145f0f47576447a03c277bea70a43a5eb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6305
Cache-Control: max-age=136019
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:22 GMT
Etag: "638c6fec-139"
Expires: Tue, 06 Dec 2022 11:46:21 GMT
Last-Modified: Sun, 04 Dec 2022 10:01:16 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313

stootsou.net/custom

139.45.197.250

200 OK

0 B

URL HTTP/2
stootsou.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mahasinsaif.banouta.net/
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
ab507b3688f9409491da9715db2cb8f7
1f851e21b05f8fca6685220fdb1c1b3856d97791
ada01d1daa6559da33b5b7f076f5987e36394b6a617b09d33805c6cf875e80a4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=123737
Date: Sun, 04 Dec 2022 21:59:22 GMT
Etag: "638c5246-1d7"
Expires: Tue, 06 Dec 2022 08:21:39 GMT
Last-Modified: Sun, 04 Dec 2022 07:54:46 GMT
Server: ECS (nyb/1D35)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8INipdIO0b0GiJYOatiLxpfrJWsQqyB3PaaPVaJrnpTUEJmqYE9C-A==
Age: 1613

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4cdd9e92530719e8c12811e9ea1393f4
4142f71c9ecab6ac316d5585beaca78d6aaa32c8
9534bfce33123fd927838b7d0a5b2fb1d7063bd795bf346e9cf6e2b0683fd79f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9534BFCE33123FD927838B7D0A5B2FB1D7063BD795BF346E9CF6E2B0683FD79F"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11241
Expires: Mon, 05 Dec 2022 01:06:43 GMT
Date: Sun, 04 Dec 2022 21:59:22 GMT
Connection: keep-alive

stootsou.net/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
stootsou.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/
Content-Type: application/json
Origin: https://mahasinsaif.banouta.net
Content-Length: 391
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1a5ee84fb913274c764efe055f9fad73
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

api.viglink.com/api/ping

34.246.116.79

200 OK

259 B

URL HTTP/1.1
api.viglink.com/api/ping
IP
34.246.116.79:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
259 B (259 bytes)
Hash
89ae7ea802b7ed840b5e30ed988697b3
8d134087c01ffe4c48813105e7fa45c40aa07a94
3a9289191df3f32aea9a8cdd0da67e9c55baeda308749cf62f720c564fa03dfc

HTTP Headers

POST /api/ping HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 140
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://mahasinsaif.banouta.net
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Sun, 04 Dec 2022 21:59:21 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 259
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&gjid=781635450&_gid=197279554.1670191160&_u=YEBAAUAAAAAAACAAI~&z=995797053

108.177.14.156

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&gjid=781635450&_gid=197279554.1670191160&_u=YEBAAUAAAAAAACAAI~&z=995797053
IP
108.177.14.156:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&gjid=781635450&_gid=197279554.1670191160&_u=YEBAAUAAAAAAACAAI~&z=995797053 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://mahasinsaif.banouta.net
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 04 Dec 2022 21:59:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
3b37e9e4dc5c39c8fb6aba1ddd4ddc4e
2a3653d905b34824efded08cbb4c400f80d73526
c2855a99d6c1522d57a8224193527da72bf97c139541d1e010a51762fb1ab73e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1367
Cache-Control: max-age=124940
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:22 GMT
Etag: "638c57ef-116"
Expires: Tue, 06 Dec 2022 08:41:42 GMT
Last-Modified: Sun, 04 Dec 2022 08:18:55 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278

mahasinsaif.banouta.net/images/icons-180.png

94.23.159.185

200 OK

4.5 kB

URL HTTP/2
mahasinsaif.banouta.net/images/icons-180.png
IP
94.23.159.185:0
ASN
#16276 OVH SAS

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
4.5 kB (4479 bytes)
Hash
0dcfea134d6f080b26f67d3dc850bdc5
6303cefd6682d6e2fe22ef650b5251f537c17829
25b5dad8f52e97a80692a98b807d337d2b638931c0081d51da72d48ef79bda7a

HTTP Headers

GET /images/icons-180.png HTTP/1.1
Host: mahasinsaif.banouta.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/t3-topic
Cookie: exadd=167020; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: image/png
content-length: 4479
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Sun, 04 Dec 2022 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
x-cache-ic: MISS
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
3b37e9e4dc5c39c8fb6aba1ddd4ddc4e
2a3653d905b34824efded08cbb4c400f80d73526
c2855a99d6c1522d57a8224193527da72bf97c139541d1e010a51762fb1ab73e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1368
Cache-Control: max-age=124940
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:23 GMT
Etag: "638c57ef-116"
Expires: Tue, 06 Dec 2022 08:41:43 GMT
Last-Modified: Sun, 04 Dec 2022 08:18:55 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278

trc-events.taboola.com/forumotion-ar/log/2/debug?tim=21%3A59%3A20.406&type=usage&msg=rtus&llvl=2&id=3032&cv=20221204-5-RELEASE&lt=deflated&uuid=4f8120a1a90feaabe00f8398bf207a088e350fc7029dfbbb47385cfa53114f8e&dcc=1&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D

141.226.228.48

204 No Content

0 B

URL HTTP/2
trc-events.taboola.com/forumotion-ar/log/2/debug?tim=21%3A59%3A20.406&type=usage&msg=rtus&llvl=2&id=3032&cv=20221204-5-RELEASE&lt=deflated&uuid=4f8120a1a90feaabe00f8398bf207a088e350fc7029dfbbb47385cfa53114f8e&dcc=1&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /forumotion-ar/log/2/debug?tim=21%3A59%3A20.406&type=usage&msg=rtus&llvl=2&id=3032&cv=20221204-5-RELEASE&lt=deflated&uuid=4f8120a1a90feaabe00f8398bf207a088e350fc7029dfbbb47385cfa53114f8e&dcc=1&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx
date: Sun, 04 Dec 2022 21:59:23 GMT
x-fastly-to-nlb-rtt: 22011
access-control-allow-credentials: true
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d5f25c4c99bce7de9166e989e0e94df3
977a8feb8420b10fc4b27440203b08ecae7516f8
5e444685fc55211330424827c83a0b4a885ff07f4c97fa667eead72cdc3c3eaf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5E444685FC55211330424827C83A0B4A885FF07F4C97FA667EEAD72CDC3C3EAF"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13615
Expires: Mon, 05 Dec 2022 01:46:18 GMT
Date: Sun, 04 Dec 2022 21:59:23 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.betgorebysson.club/apu.php?zoneid=3765907

139.45.195.8

200 OK

38 kB

URL HTTP/2
cdn.betgorebysson.club/apu.php?zoneid=3765907
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
data
Size
38 kB (38313 bytes)
Hash
1973611de025062b3629a37ff768b6fe
c596d252f7528581090fa493c5f977115c5ca7cd
f8d7bcc89caeded20c454c04b8457bd6aa686d3ff8ad2c8a6057d3d30872224a

HTTP Headers

GET /apu.php?zoneid=3765907 HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/javascript
x-trace-id: 39ae1e72bc588b5493e1b1b7aa8d5e0e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=97da9027b7b34218ac2d4a79db326995; expires=Mon, 04 Dec 2023 21:59:22 GMT; path=/; secure; SameSite=None
oaidts=1670191162; expires=Mon, 04 Dec 2023 21:59:22 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
2a3e9c9270d5d1402700343b567d8e21
4348655937347ff19881acafd04b1277e017f19c
905ee9517e8597ac86e76b99b970f77a4fbb2500de30ef6efea97a4bbcea51d4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 21:59:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 13:33:18 GMT
Expires: Fri, 09 Dec 2022 13:33:17 GMT
Etag: "4348655937347ff19881acafd04b1277e017f19c"
Cache-Control: max-age=401033,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7747cf11cdf8b4fd-OSL

datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

37.48.68.71

200 OK

12 B

URL HTTP/1.1
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
37.48.68.71:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 903
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 04 Dec 2022 21:59:23 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://mahasinsaif.banouta.net
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

bidder.criteo.com/csm/events

178.250.0.165

204 No Content

0 B

URL HTTP/2
bidder.criteo.com/csm/events
IP
178.250.0.165:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 370
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Sun, 04 Dec 2022 21:59:23 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://mahasinsaif.banouta.net
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2

34.246.116.79

200 OK

43 B

URL HTTP/1.1
api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2
IP
34.246.116.79:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

HTTP Headers

GET /api/sync.gif?key=74bad24252620514d1244cfba01f2ee2 HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Content-Type: image/gif;charset=UTF-8
Date: Sun, 04 Dec 2022 21:59:23 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 43
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7c9e0bb25e8c28e8b10038806b0a7190
9fa6097aeb8eacde8ba7c9ab80a7a7d2405ae2bc
f4864000960be2f888ed7d2467f74130231fed6f56ad48ff15861f5769e95a58

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&_u=YEBAAUAAAAAAACAAI~&z=1342309773

142.250.74.132

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&_u=YEBAAUAAAAAAACAAI~&z=1342309773
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&_u=YEBAAUAAAAAAACAAI~&z=1342309773 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 21:59:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&_u=YEBAAUAAAAAAACAAI~&z=1342309773

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&_u=YEBAAUAAAAAAACAAI~&z=1342309773
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&_u=YEBAAUAAAAAAACAAI~&z=1342309773 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 21:59:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

gum.criteo.com/sid/json?origin=publishertag&domain=banouta.net&sn=FirefoxSyncframe&so=0&topUrl=mahasinsaif.banouta.net&info=CJt-m180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPajBwUndhdXhneWMyJTJCOWpucTZSdGpz&idsd=902747023,-473017735&cw=1&lsw=1

178.250.0.157

200 OK

790 B

URL HTTP/2
gum.criteo.com/sid/json?origin=publishertag&domain=banouta.net&sn=FirefoxSyncframe&so=0&topUrl=mahasinsaif.banouta.net&info=CJt-m180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPajBwUndhdXhneWMyJTJCOWpucTZSdGpz&idsd=902747023,-473017735&cw=1&lsw=1
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type
data
Size
790 B (790 bytes)
Hash
2b9a5b7dcfb1054bf8aa6d51075ec7aa
0d7b5066f24e3086b01d748c2593373c77fa7975
441b6d1b0f67662aec92cba23f06dd102db97d50f60b27a702ef1a7bf9163c13

HTTP Headers

GET /sid/json?origin=publishertag&domain=banouta.net&sn=FirefoxSyncframe&so=0&topUrl=mahasinsaif.banouta.net&info=CJt-m180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPajBwUndhdXhneWMyJTJCOWpucTZSdGpz&idsd=902747023,-473017735&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=mahasinsaif.banouta.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 941675
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

cdn.betgorebysson.club/?rb=QQ04o6CSh2FHzK-35xb9oNqiOzbJe30lWodNzC3YGuBUczwnzaqDxwPpiQTXFrlf1v5QSaMl2RDHI1qHZWMhLho6ibDxbFEgHME8PWuMXmvmI-zOx_xnDIC14vEj-ONpO_y5AAoTwAosLSANSZuEeRax28dD0Sxv4QCa6TOYMHPKxJ5wnx9sguWHQ5g-XrFAH0Ig9kFRVNWOQu4JxLOHdvtyVFxYjBydukEn8nLYlu0uhbMEwrZjzLzYpv8%3D&request_ab2=96003&zoneid=3765907&js_build=iclick-v1.458.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2Fmahasinsaif.banouta.net%2Ft3-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.458.0&bs=58ceed34-5a6b-4556-9a9c-887e2685cd93&userId=97da9027b7b34218ac2d4a79db326995&m=link

139.45.195.8

200 OK

1.8 kB

URL HTTP/2
cdn.betgorebysson.club/?rb=QQ04o6CSh2FHzK-35xb9oNqiOzbJe30lWodNzC3YGuBUczwnzaqDxwPpiQTXFrlf1v5QSaMl2RDHI1qHZWMhLho6ibDxbFEgHME8PWuMXmvmI-zOx_xnDIC14vEj-ONpO_y5AAoTwAosLSANSZuEeRax28dD0Sxv4QCa6TOYMHPKxJ5wnx9sguWHQ5g-XrFAH0Ig9kFRVNWOQu4JxLOHdvtyVFxYjBydukEn8nLYlu0uhbMEwrZjzLzYpv8%3D&request_ab2=96003&zoneid=3765907&js_build=iclick-v1.458.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2Fmahasinsaif.banouta.net%2Ft3-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.458.0&bs=58ceed34-5a6b-4556-9a9c-887e2685cd93&userId=97da9027b7b34218ac2d4a79db326995&m=link
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
data
Size
1.8 kB (1802 bytes)
Hash
8833755aaf9bfaea0a77770d46cbbd20
0e5cfdebd4fbaec33505b8213936d0e7edd1d5fe
a6e75934c19e90b63abf047dc80e70038e8054b3f0c16f09240d3112b74028bd

HTTP Headers

GET /?rb=QQ04o6CSh2FHzK-35xb9oNqiOzbJe30lWodNzC3YGuBUczwnzaqDxwPpiQTXFrlf1v5QSaMl2RDHI1qHZWMhLho6ibDxbFEgHME8PWuMXmvmI-zOx_xnDIC14vEj-ONpO_y5AAoTwAosLSANSZuEeRax28dD0Sxv4QCa6TOYMHPKxJ5wnx9sguWHQ5g-XrFAH0Ig9kFRVNWOQu4JxLOHdvtyVFxYjBydukEn8nLYlu0uhbMEwrZjzLzYpv8%3D&request_ab2=96003&zoneid=3765907&js_build=iclick-v1.458.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2Fmahasinsaif.banouta.net%2Ft3-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.458.0&bs=58ceed34-5a6b-4556-9a9c-887e2685cd93&userId=97da9027b7b34218ac2d4a79db326995&m=link HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Cookie: OAID=97da9027b7b34218ac2d4a79db326995; oaidts=1670191162
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:23 GMT
content-type: application/json
x-trace-id: b248a17bf6ca328efceef74c73881dba
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=97da9027b7b34218ac2d4a79db326995; expires=Mon, 04 Dec 2023 21:59:23 GMT; path=/; secure; SameSite=None
oaidts=1670191163; expires=Mon, 04 Dec 2023 21:59:23 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 11 Dec 2022 21:59:23 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/userx.20221204-5-RELEASE.es6.js

151.101.129.44

200 OK

5.4 kB

URL HTTP/2
cdn.taboola.com/libtrc/userx.20221204-5-RELEASE.es6.js
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (17842)
Size
5.4 kB (5398 bytes)
Hash
1bf1dea253cd98940ce69c484846d6a1
10eb6e66d08a1b9d47b907bdab99ce62df1ac64e
a1400b6b985663284e06ff193ae67a058ac4a941c0e39a0459fbdbae5f2b8bec

HTTP Headers

GET /libtrc/userx.20221204-5-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: JqZ/yLM48O7O463Ttm8xU7mzkvETfxvwt7FKlLjm6luzENqOF69dXlL97srYZ1cLMuNLK64Qayk=
x-amz-request-id: F6G6YAPYQQ205QRS
x-amz-replication-status: PENDING
last-modified: Sun, 04 Dec 2022 12:46:15 GMT
etag: "f257084fa5d40369fd5095838cc508c9"
x-amz-version-id: t5qY8CKRUH4Gm3ODbJJbfrati21qr3EK
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
via: 1.1 varnish
age: 48
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 4
x-timer: S1670191163.376779,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 15
content-length: 5398
X-Firefox-Spdy: h2

api.viglink.com/api/domains

34.246.116.79

200 OK

41 B

URL HTTP/1.1
api.viglink.com/api/domains
IP
34.246.116.79:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
41 B (41 bytes)
Hash
4081c7f27fd7098cdd1e2f9a18cb1bde
ad87a8b70f7e77bcd2ac0727d18ef583fa8df573
a05449f6e9a52ebe0b1709457cae96ffecb3603fbc36dd41bc4a6fb103f9c724

HTTP Headers

POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 240
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://mahasinsaif.banouta.net
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Sun, 04 Dec 2022 21:59:22 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 41
Connection: keep-alive

vidstat.taboola.com/lite-unit/3.9.8/UnitWidgetItemDesktop.min.js

151.101.129.44

200 OK

30 kB

URL HTTP/2
vidstat.taboola.com/lite-unit/3.9.8/UnitWidgetItemDesktop.min.js
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (29909 bytes)
Hash
aac1042207afd54e1cf1befcaf3420cd
00f0597866330a850a1d6222861591f24dd18380
ea77ece8880eb28ffe83e94ef787b4204f8b1b3d09f443011b898b13ed4bb706

HTTP Headers

GET /lite-unit/3.9.8/UnitWidgetItemDesktop.min.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 22 Nov 2022 07:02:09 GMT
etag: "1842444d4bb92087143326a4d508875d"
server: AmazonS3
via: 1.1 b34d5d8e5954d0b7b46d5f0eb534c166.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: iVxUQ_yUDgKIDSZaR21P2jFvv94ZUaTAMQdnd9xsEMFJTpsmb2NMlg==
cache-control: public, max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
age: 1090606
x-served-by: cache-bma1658-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 9095
x-timer: S1670191163.382309,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 29909
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/cta-component.20221204-5-RELEASE.es6.js

151.101.129.44

200 OK

5.1 kB

URL HTTP/2
cdn.taboola.com/libtrc/cta-component.20221204-5-RELEASE.es6.js
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (18924)
Size
5.1 kB (5107 bytes)
Hash
9b7cf542cdd2fc4a076a02d37dff71fc
e20ed06224647b5a57809e1cd8623e1358d0516a
472681407a0b437ec853b421e0c919a98a46838e7fd60c610e81d76dcd200997

HTTP Headers

GET /libtrc/cta-component.20221204-5-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: iBdvQgrpqB9hFnXEXocil/IPLxo9kTfrCNauB+inDV3bDvv7T6k1XT5Pz7YGdL0YbXvEa/NcVC0=
x-amz-request-id: BM2J3DBSD3EJF0FS
x-amz-replication-status: PENDING
last-modified: Sun, 04 Dec 2022 12:45:18 GMT
etag: "3d57420ee8058c5dd7c6af7bcddf9500"
x-amz-version-id: GX.y_qek13qzszMknBMEjodlNkqXuW62
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
via: 1.1 varnish
age: 113
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 39
x-timer: S1670191163.386594,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 15
content-length: 5107
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c4a6d2e522eb77c239a57b77cf87f16f.png

151.101.129.44

200 OK

5.0 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c4a6d2e522eb77c239a57b77cf87f16f.png
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
5.0 kB (5040 bytes)
Hash
8bf61fbf88f1004f2d1ad19b2e8a65a3
4e06717009bdb501391dee7d6c41c3b8d9e81905
cb21f0b8febf2bb7d37285f47e911afc943decc1e79ddf23a6e96472197a3886

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c4a6d2e522eb77c239a57b77cf87f16f.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 334840937470646990225866747919159929393,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 334840937470646990225866747919159929393,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "244ede840390440bfcbc4062835b314c"
expiration: expiry-date="Mon, 24 Oct 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Fri, 23 Sep 2022 15:19:07 GMT
req-referer: https://bialystok.se.pl/eurojackpot-we-wtorek-25-pazdziernika-kumulacja-wyniki-losowania-do-wygrania-jest-440-milionow-zlotych-aa-T1pe-mRyo-CjyX.html
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 16
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
age: 4073284
x-served-by: cache-iad-kcgs7200146-IAD, cache-iad-kiad7000168-IAD, cache-bur-kbur8200047-BUR, cache-iad-kiad7000130-IAD, cache-bma1658-BMA
x-cache: MISS, MISS, HIT, HIT, HIT
x-cache-hits: 0, 0, 1, 66, 1
x-timer: S1670191163.428470,VS0,VE3
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c4a6d2e522eb77c239a57b77cf87f16f.png
x-vcl-time-ms: 3
content-length: 5040
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5a79082f5514610a8f42930979bf2294.jpg

151.101.129.44

200 OK

19 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5a79082f5514610a8f42930979bf2294.jpg
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
19 kB (18696 bytes)
Hash
7c23768f79db59fe780efb2c58c54fdd
f000b269ccee899556dbb351cc85d8fc2f888998
27bea1cf2db038ea42aa341c0a0d831b81d62696f657465fe5118b298d8b99cd

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5a79082f5514610a8f42930979bf2294.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 493243231007183793812851951606147198600,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 493243231007183793812851951606147198600,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
etag: "7e15708d195d2d716c86af762147689d"
expiration: expiry-date="Thu, 01 Dec 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Mon, 31 Oct 2022 00:06:19 GMT
req-referer: http://gujarat.indiaresults.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 203
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
age: 1675778
x-served-by: cache-iad-kiad7000177-IAD, cache-iad-kcgs7200050-IAD, cache-lga21977-LGA, cache-iad-kcgs7200087-IAD, cache-bma1658-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 30, 1
x-timer: S1670191163.436578,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5a79082f5514610a8f42930979bf2294.jpg
x-vcl-time-ms: 1
content-length: 18696
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b233a5e39de8cf5bc702cf3489fdd6d7.jpg

151.101.129.44

200 OK

7.2 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b233a5e39de8cf5bc702cf3489fdd6d7.jpg
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
7.2 kB (7246 bytes)
Hash
e48ce6177f302d1b9335edd1039c4b7a
8790a2eb6cdd826dedf26c0ea75ca49598d94ce3
8aff658c7eaaed83f81003db6049614cbd604b9c62a39053478343d6c8c05231

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b233a5e39de8cf5bc702cf3489fdd6d7.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 494817518622662110197702006026876009863,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 494817518622662110197702006026876009863,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "f3b697632583b039c9a200ac2d01dd0f"
last-modified: Tue, 11 Oct 2022 22:36:34 GMT
req-referer: https://weather.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 7bdefcf8c434cf9b0639118b3e923a2e
x-envoy-upstream-service-time: 113
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
age: 3311419
x-served-by: cache-iad-kjyo7100022-IAD, cache-iad-kjyo7100107-IAD, cache-lga21924-LGA, cache-iad-kjyo7100093-IAD, cache-bma1658-BMA
x-cache: HIT, HIT, MISS, HIT, HIT
x-cache-hits: 1, 1, 0, 66, 1
x-timer: S1670191164.534861,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b233a5e39de8cf5bc702cf3489fdd6d7.jpg
x-vcl-time-ms: 1
content-length: 7246
X-Firefox-Spdy: h2

gem.gbc.criteo.com/newidsd

185.235.84.88

200 OK

5.8 kB

URL HTTP/2
gem.gbc.criteo.com/newidsd
IP
185.235.84.88:0
ASN
#44788 Criteo SA

File type
data
Size
5.8 kB (5753 bytes)
Hash
abe49ac327a305dc1c2572bc138b92b7
d0874a50d9d42e22eb4bf4f235b2d2811242abea
12aee9813f7896f962ef575f8da2db98d1de2852bcffc2e4764330087445c827

HTTP Headers

GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 85784
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

ag.gbc.criteo.com/newidsd

185.235.84.142

200 OK

5.0 kB

URL HTTP/2
ag.gbc.criteo.com/newidsd
IP
185.235.84.142:0
ASN
#44788 Criteo SA

File type
data
Size
5.0 kB (5040 bytes)
Hash
ac6c32a189b3e08fcdec5ef8571d1dbf
1efb25c715c3a7264c78f09ebfb5e49557a6a6c0
9b61780ffcbe5ee6accc53556f6781a488b44b066934eb630b78a3dcc786ec24

HTTP Headers

GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 94278
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

twemoji.maxcdn.com/twemoji.min.js

151.139.237.124

200 OK

20 kB

URL HTTP/2
twemoji.maxcdn.com/twemoji.min.js
IP
151.139.237.124:0
ASN
#12989 StackPath LLC

File type
data
Size
20 kB (20191 bytes)
Hash
dcd5ffa5bc54ff5e78f4339ab8f4e2d1
59e8af249f4dff32ae3066b5b045da6d031f4bb3
fd466f1f9f1c6d24ac60950e686858b6cdfdb09585a4477742976d24e4ca089b

HTTP Headers

GET /twemoji.min.js HTTP/1.1
Host: twemoji.maxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Thu, 31 Mar 2022 03:24:15 GMT
access-control-allow-origin: *
etag: W/"62451edf-3bc8"
expires: Tue, 03 Jan 2023 21:59:21 GMT
cache-control: max-age=2592000
x-proxy-cache: MISS
x-github-request-id: 7B1C:D2D3:4824A8:4A013B:638A8635
vary: Accept-Encoding
x-fastly-request-id: 13302c302e4dcbfe7e16260e2cd5983d6eec8ece
server: NetDNA-cache/2.2
powered-by: MaxCDN
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11381
Expires: Mon, 05 Dec 2022 01:09:04 GMT
Date: Sun, 04 Dec 2022 21:59:23 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11381
Expires: Mon, 05 Dec 2022 01:09:04 GMT
Date: Sun, 04 Dec 2022 21:59:23 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11381
Expires: Mon, 05 Dec 2022 01:09:04 GMT
Date: Sun, 04 Dec 2022 21:59:23 GMT
Connection: keep-alive

illiweb.com/rs3/66/frm/lang/notutf8-ar.js

104.21.63.213

200 OK

27 kB

URL HTTP/2
illiweb.com/rs3/66/frm/lang/notutf8-ar.js
IP
104.21.63.213:0
ASN
#13335 CLOUDFLARENET

File type
ISO-8859 text, with very long lines (65536), with no line terminators
Size
27 kB (27312 bytes)
Hash
917dea9458ff8b0b2ad0bf06ab640cf3
38f4100a8b6164539271c2d4f234130b825b3616
04ec8337b6dec7da3105b95b7ece1e2a0f56adb8da19f34573cab7966e0745de

HTTP Headers

GET /rs3/66/frm/lang/notutf8-ar.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=73321
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:52:28 GMT
last-modified: Thu, 08 Sep 2022 07:38:48 GMT
x-cache-ne: EXPIRED
x-cache-pr: EXPIRED
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 994013
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tndEBfJQf%2BRODZ7zOokm%2FhjVZxnCODMTV2gLS3zXhjdktXrWl%2FcyORAW4hCjpID3cvDzukMOEk%2For2m9ipav8%2BQG2dGZpJsL7ndaELt2a6NrHeXED4isqRHGAZf%2Biw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a191e0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f879ef8-1a6d-4f5a-9ed7-092a33c3642f.png

34.120.237.76

200 OK

3.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f879ef8-1a6d-4f5a-9ed7-092a33c3642f.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.7 kB (3707 bytes)
Hash
d7bde76a4dbab17f37747e7da55ad924
56ee7aa6cf94570b1218ef6e767a7036d0b8900f
bd8320fe10dc06061008034cfd1ca9f17e941b2b859b8dd12f23bcac35746aab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f879ef8-1a6d-4f5a-9ed7-092a33c3642f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3707
x-amzn-requestid: e9d4dc01-cb68-471b-8da4-c6f170248387
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_xhEm-IAMFRNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d133c-5414a54751e2569f639d0dea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:38:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5XGO_QToLjgti1g7xU6jnUNtcyzzQZtc5pGmHqrtt6zD2dlVAN2BfQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:48:15 GMT
age: 668
etag: "56ee7aa6cf94570b1218ef6e767a7036d0b8900f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1caf4c1-b9c0-4db1-a780-00b9a6198731.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5209 bytes)
Hash
8d76ec668361348eb17d54001fd2e6c6
534299a20a76ea6e3250f0fb35fe772cac04ef51
22676fae3909acf18e6cd4f505ec718fdac156990edb20926afdae2a359a2859

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1caf4c1-b9c0-4db1-a780-00b9a6198731.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5209
x-amzn-requestid: 682056d5-7815-4fd1-b05b-723619128d8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKUXF5eoAMFRvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abdb5-6df5d866267739212832ee66;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:08:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pFKMx6_a5Ml_dBK1dafOt4KFMeC5SwUqNlNpc8sO4DVj0Ocb2Yksrw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 03:45:46 GMT
age: 65617
etag: "534299a20a76ea6e3250f0fb35fe772cac04ef51"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b3b9022-ae31-4c4b-b4aa-3d82606d5c7c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5276 bytes)
Hash
f0402b0c3474a5bd3b1ba804528b64a8
2d47af0fb664d9fec52549bb3bdba1dfd8911bb2
7f87af77663b8bf22211e135554ada8865cdcf6499e9fcf0f3442b10ca3984e1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b3b9022-ae31-4c4b-b4aa-3d82606d5c7c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5276
x-amzn-requestid: d337310e-59be-4268-bfd0-8cc4f2c91a11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_soE98IAMF0aA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-230591591f8fd0984c222549;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x7xrn7E3aUdw75Br3B_GcqRhg-i5FcqG2NRMo4Pa5VhqjblbsvcgDg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:48:15 GMT
age: 668
etag: "2d47af0fb664d9fec52549bb3bdba1dfd8911bb2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d407108-e7e2-4672-80f5-d4b4c3e66151.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6173 bytes)
Hash
3130c86c084c4c925fb9179dfa5c145d
203f27660f3885d5c1bc68a535baef4e48ff6582
faf2c48c2286fe2149908947de9037640007d32e13694c1261f610250caf3f8f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d407108-e7e2-4672-80f5-d4b4c3e66151.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6173
x-amzn-requestid: dc73ee0d-b1ec-407f-8e98-3ba264725ee3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqHqwIAMFwqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-56d74e8d45baa9e87136708f;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZjAfnCIfBIkjjk0E62TZ7bHsCTUhJk9Wm_wIyhnUNvhgXja5ELfC4g==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:48:15 GMT
age: 668
etag: "203f27660f3885d5c1bc68a535baef4e48ff6582"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F461bc4a6-a90b-41a8-99ce-a502ba9ed21f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8749 bytes)
Hash
dcb8fe0c4ba323ab2483fa290c291051
6706e02d6b95edc3a33c951f07d04b0fb7415b77
6be68deb3a330955027ec16eaca2cdf4e2776620ffb7cb995922664b24400f02

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F461bc4a6-a90b-41a8-99ce-a502ba9ed21f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8749
x-amzn-requestid: ee03c447-299b-45d5-b8c6-12d4d1dc436d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_spHdBIAMFywQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-0c9805c6112ec9ec6b9d1544;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tsL8hmcWaBeKYVG2b4g7ebl-sQ0Z5jZaexEfvldfzq9COcOdzqLhUA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:48:15 GMT
age: 668
etag: "6706e02d6b95edc3a33c951f07d04b0fb7415b77"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

api.viglink.com/api/domains

34.246.116.79

200 OK

56 B

URL HTTP/1.1
api.viglink.com/api/domains
IP
34.246.116.79:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
56 B (56 bytes)
Hash
05b7341e73110bfaf4d424ef1adec915
baf3834698ec38c170ad73dd15512bcd4e7f7687
9ba43db945b0e10cf7f6b34eee914d2d3be161e8b11a08181cfec8170acbaa5d

HTTP Headers

POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 304
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://mahasinsaif.banouta.net
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Sun, 04 Dec 2022 21:59:23 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 56
Connection: keep-alive

tzegilo.com/stattag.js

172.67.194.45

200 OK

5.2 kB

URL HTTP/2
tzegilo.com/stattag.js
IP
172.67.194.45:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (12966), with no line terminators
Size
5.2 kB (5232 bytes)
Hash
dcc859d4c32d23dee5a3da37b068b136
82ec3de4bff61a07d02e67382fdb0ebb76bfa2e7
2d14da3153c74459783de18b360f83354582f4abf092ab2d5b9c3bfaa2760fb0

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:23 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SgLS6oYfppB%2FevwdfjRsKZiX1eO96umSjmkmr0pcaGO3%2B20grp89NvoxugQVuWGdjTQrbID8Qor0o%2FcN%2Bjy57ufS657lvxR7pH3LpmWRyqvxgeDhcvjIbIlY7BNYZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf10b9441bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&cmcv=&pix=31589837&cb=1670191161346&uv=3245&tms=1670191161346&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670191158198!ts:1670191161346&mntl=1

141.226.228.48

200 OK

0 B

URL HTTP/2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&cmcv=&pix=31589837&cb=1670191161346&uv=3245&tms=1670191161346&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670191158198!ts:1670191161346&mntl=1
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&cmcv=&pix=31589837&cb=1670191161346&uv=3245&tms=1670191161346&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670191158198!ts:1670191161346&mntl=1 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:23 GMT
content-length: 0
X-Firefox-Spdy: h2

vidstat.taboola.com/vpaid/units/32_4_5/assets/css/cmOsUnit.css

151.101.129.44

200 OK

8.3 kB

URL HTTP/2
vidstat.taboola.com/vpaid/units/32_4_5/assets/css/cmOsUnit.css
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type
ASCII text
Size
8.3 kB (8297 bytes)
Hash
a28320a69408adba1f01f56d6eb80708
8012c7108fab547cf31481cfda7cb49e654a0542
befbb274b7045e7e5791a4badbe46e1a2e367e6570da7cd0ac127acc4b8e8991

HTTP Headers

GET /vpaid/units/32_4_5/assets/css/cmOsUnit.css HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: Bf8dw0NjA07TfpEMmKBaL+UFJWQuALEo7owO+vyJS0Z7+UM4VbN5qXqenI+jCaBsTF8hL6tqRMY=
x-amz-request-id: 89SNZ5N6GV47VA34
last-modified: Mon, 28 Nov 2022 10:07:46 GMT
etag: "a28320a69408adba1f01f56d6eb80708"
x-amz-meta-ctime: 1669630065
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1669630064
content-type: text/css
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
age: 561005
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 90814
x-timer: S1670191164.006729,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 8297
X-Firefox-Spdy: h2

vidstat.taboola.com/vpaid/units/32_4_5/infra/cmTagWIDGET_ITEM.js

151.101.129.44

200 OK

128 kB

URL HTTP/2
vidstat.taboola.com/vpaid/units/32_4_5/infra/cmTagWIDGET_ITEM.js
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (65489), with no line terminators
Size
128 kB (127788 bytes)
Hash
2b361da912acc8f13f4f1b545047025f
af3a70c02bb88e27a151e8edf4a93931ace2aced
7f44e7dee5fbeb1334cdcb6b06d37dbf74a5ce2c65d4494843a2dabd98f2ef1b

HTTP Headers

GET /vpaid/units/32_4_5/infra/cmTagWIDGET_ITEM.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: NxcjemMMJRUsCExBkB2iiVRl9DgwLdtVaii0IcyucefSWzHY1Wd9p4I32adBzeHQ7741KdCnChI=
x-amz-request-id: 89SJXSQ72NB1B3KT
last-modified: Mon, 28 Nov 2022 10:06:56 GMT
etag: "2b361da912acc8f13f4f1b545047025f"
x-amz-meta-ctime: 1669630015
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1669630014
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
age: 561005
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 40490
x-timer: S1670191164.031888,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 127788
X-Firefox-Spdy: h2

am-match.taboola.com/sync?dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&excid=22&docw=0&cijs=1&nlb=false

141.226.228.48

200 OK

742 B

URL HTTP/2
am-match.taboola.com/sync?dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&excid=22&docw=0&cijs=1&nlb=false
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (742), with no line terminators
Size
742 B (742 bytes)
Hash
e212b134cabf80f8be66f676e09c0097
c6f5b87bdb324d5acc99af18d97d5d9835c65c7a
f4461fdc5512d2915f67a2b761cfd5ce1166d1f8dd0f07a571bf31eb1c7d0855

HTTP Headers

GET /sync?dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:23 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3406
X-Firefox-Spdy: h2

sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea0eec00-741e-11ed-ae26-1131174c0406

185.94.180.125

204 No Content

0 B

URL HTTP/1.1
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea0eec00-741e-11ed-ae26-1131174c0406
IP
185.94.180.125:0
ASN
#35220 SpotXchange, INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea0eec00-741e-11ed-ae26-1131174c0406 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea15f4e9-741e-11ed-be00-1e1d47870106; expires=Sun, 01-Jan-2023 21:59:24 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 104
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

185.94.180.125

302 Found

0 B

URL HTTP/1.1
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
185.94.180.125:0
ASN
#35220 SpotXchange, INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea15e883-741e-11ed-aac8-1d66682b0506; expires=Sun, 01-Jan-2023 21:59:24 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea15e8f1-741e-11ed-aac8-1d66682b0506
X-fe: 19
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

am-match.taboola.com/sync?dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&excid=22&docw=0&cijs=1&nlb=true

141.226.228.48

200 OK

1.1 kB

URL HTTP/2
am-match.taboola.com/sync?dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&excid=22&docw=0&cijs=1&nlb=true
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1120), with no line terminators
Size
1.1 kB (1120 bytes)
Hash
f717cf68d70edb144ff0ab0bbaffacfe
e3f6de8e0594a980413fb5ac1cd43376b6427ec8
71b7861e9cdaab14dede85a55abcc5caa084ca862ecf9906830ea4de881be04b

HTTP Headers

GET /sync?dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:24 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3402
X-Firefox-Spdy: h2

185.94.180.125

204 No Content

0 B

URL HTTP/1.1
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea15e8f1-741e-11ed-aac8-1d66682b0506
IP
185.94.180.125:0
ASN
#35220 SpotXchange, INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea15e8f1-741e-11ed-aac8-1d66682b0506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea1d2add-741e-11ed-aada-10ffbde80106; expires=Sun, 01-Jan-2023 21:59:24 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 12
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&cmcv=&pix=undefined&cb=1670191161861&uv=3245&tms=1670191161861&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=b59e2d89-3c03-4fbe-bb38-b3aa0defff6a&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1

151.101.129.44

200 OK

446 B

URL HTTP/2
imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&cmcv=&pix=undefined&cb=1670191161861&uv=3245&tms=1670191161861&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=b59e2d89-3c03-4fbe-bb38-b3aa0defff6a&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (928), with no line terminators
Size
446 B (446 bytes)
Hash
e24def780babaab75f63c88cc18c77cc
25b9811e8738f191cfa1c64cb40ac8eb57febca2
9da1df211b7a5dfd0115080e09097564883ad35fae7a0b7d11b2cda9fe1f306c

HTTP Headers

GET /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&cmcv=&pix=undefined&cb=1670191161861&uv=3245&tms=1670191161861&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=b59e2d89-3c03-4fbe-bb38-b3aa0defff6a&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1 HTTP/1.1
Host: imprammp.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191164.327126,VS0,VE24
vary: Accept-Encoding
X-Firefox-Spdy: h2

ocsp.globalsign.com/gsgccr3dvtlsca2020

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1414 bytes)
Hash
f499b2c86f35e9a3eada12bc73765263
64a65fe44a6a6683fc6a5ab5952dd676960ed936
72e63411fbfa22598322a2a19a427f8d3760a40fee46e095ff01a1e3ef1a0862

HTTP Headers

POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Thu, 08 Dec 2022 18:45:48 GMT
ETag: "64a65fe44a6a6683fc6a5ab5952dd676960ed936"
Last-Modified: Sun, 04 Dec 2022 18:45:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2811
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7747cf1a094fb51e-OSL

match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1

35.71.131.137

200 OK

70 B

URL HTTP/2
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP
35.71.131.137:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
70 B (70 bytes)
Hash
58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

HTTP Headers

GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:24 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2

vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js

151.101.129.44

200 OK

87 kB

URL HTTP/2
vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
87 kB (87152 bytes)
Hash
dcfe04133edaa84ac4a7356299134bf2
600265d1e188692d5cb0b9dbc828c708181bd3d8
1f50ba3994c74af69746c8db181597b9e74d7bb53c808ce9f7014facf0c59bfd

HTTP Headers

GET /vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: DH4gCSpZOjdiQ2RHNdcZaQ1gWcI8EDnhtXKaFZT4JUmiFDacp53eylqcVHaDpMgh56JBtwAdvTI=
x-amz-request-id: M2DJX9S4FNAQPE8Z
last-modified: Thu, 27 Oct 2022 07:34:53 GMT
etag: "dcfe04133edaa84ac4a7356299134bf2"
x-amz-meta-ctime: 1666856092
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1666856080
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
age: 743042
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 89359
x-timer: S1670191165.566548,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 87152
X-Firefox-Spdy: h2

185.94.180.125

204 No Content

0 B

URL HTTP/1.1
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea1b9552-741e-11ed-8510-15758c630206
IP
185.94.180.125:0
ASN
#35220 SpotXchange, INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea1b9552-741e-11ed-8510-15758c630206 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea4054d0-741e-11ed-b434-16a7f9820306; expires=Sun, 01-Jan-2023 21:59:24 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 106
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

185.94.180.125

204 No Content

0 B

URL HTTP/1.1
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea1f25e1-741e-11ed-9699-155da6fd0506
IP
185.94.180.125:0
ASN
#35220 SpotXchange, INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea1f25e1-741e-11ed-9699-155da6fd0506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea40b20b-741e-11ed-8e71-197e22df0406; expires=Sun, 01-Jan-2023 21:59:24 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 30
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

141.226.228.48

200 OK

742 B

URL HTTP/2
am-match.taboola.com/sync?dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&excid=22&docw=0&cijs=1&nlb=false
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (742), with no line terminators
Size
742 B (742 bytes)
Hash
98a76f3a7fd5e8337ef3301d5d69d0d7
f7c260a4e32ec68e61dc6e25c3b7e4d2b572c6a6
878a2c6c7257a40f4bd4a98b8e865f1307fadd09a359b067f19049d6f096a4c3

HTTP Headers

GET /sync?dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:24 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3402
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png

151.101.129.44

200 OK

254 B

URL HTTP/2
cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type
PNG image data, 12 x 12, 8-bit gray+alpha, non-interlaced\012- data
Size
254 B (254 bytes)
Hash
dfa7b52c86e56bd67fa4002f6ed19854
7df722645482433c2b5c8d8ab4272a9874592f27
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

HTTP Headers

GET /libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: c3AK0F63Rmz1U+ZkwDZRH6hJiJRTGpZB8kTBPWz0vwbg9siBxtMOH8aEqr1NtVeNHtLhLAVUR9E=
x-amz-request-id: 4JKSR0YA3KVH073N
x-amz-replication-status: COMPLETED
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
content-type: image/png
server: AmazonS3
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
age: 23201
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 2218
x-timer: S1670191165.656252,VS0,VE0
cache-control: private,max-age=31536000
abp: 15
content-length: 254
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
838d243942d48827243c3bcee18d11ed
26243d17a8493cbaa1759bde860c0a2a54f36e02
bf818584bae52201d47f2fadf57114acdcadf908a7003b26b846196ccef11ede

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=162099
Date: Sun, 04 Dec 2022 21:59:24 GMT
Etag: "638cd528-1d7"
Expires: Tue, 06 Dec 2022 19:01:03 GMT
Last-Modified: Sun, 04 Dec 2022 17:13:12 GMT
Server: ECS (nyb/1D2E)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: CKQDXeAXV0RyZ5HIHYMkR0fgeSycCPrLaaEbcVjxwkPFnJQnigtDXg==
Age: 6471

185.94.180.125

204 No Content

0 B

URL HTTP/1.1
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea435914-741e-11ed-9112-1ebee0f60506
IP
185.94.180.125:0
ASN
#35220 SpotXchange, INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea435914-741e-11ed-9112-1ebee0f60506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea4d4687-741e-11ed-94fe-1e875f050106; expires=Sun, 01-Jan-2023 21:59:24 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 74
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=

104.85.187.217

301 Moved Permanently

0 B

URL HTTP/2
secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
IP
104.85.187.217:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP/1.1
Host: secure-assets.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
date: Sun, 04 Dec 2022 21:59:24 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2

trc.taboola.com/forumotion-ar/log/3/visible?tvi2=-2&route=AM%3AIL%3AV&lti=deflated

151.101.129.44

204 No Content

0 B

URL HTTP/2
trc.taboola.com/forumotion-ar/log/3/visible?tvi2=-2&route=AM%3AIL%3AV&lti=deflated
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /forumotion-ar/log/3/visible?tvi2=-2&route=AM%3AIL%3AV&lti=deflated HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2570
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191165.657974,VS0,VE85
x-vcl-time-ms: 85
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e628b15d0ac70efe6a7d72ea00716fa3
cff8653177e58253bae09b9010f889c0b097b221
39d68fe3ffb4a1e277c6aa63b742c5e6e17e6e13e064bf42cd2e45b8f2786f0c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6148
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:24 GMT
Last-Modified: Sun, 04 Dec 2022 20:16:56 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

trc.taboola.com/forumotion-ar/log/3/bulk?tvi2=-2&route=AM%3AIL%3AV&lti=deflated&bulkSize=2

151.101.129.44

204 No Content

0 B

URL HTTP/2
trc.taboola.com/forumotion-ar/log/3/bulk?tvi2=-2&route=AM%3AIL%3AV&lti=deflated&bulkSize=2
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /forumotion-ar/log/3/bulk?tvi2=-2&route=AM%3AIL%3AV&lti=deflated&bulkSize=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 5311
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191165.657302,VS0,VE89
x-vcl-time-ms: 89
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
dbb66a45515eb4bd61566b8a462222b7
2d18c51e1a9d35c874c96ad0552aa35d88bfc5f9
1929d698afaff5af3fd939389346226a6056b86e4f870b0769755b0cdefd60a6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 01:56:49 GMT
Expires: Sat, 10 Dec 2022 01:56:48 GMT
Etag: "2d18c51e1a9d35c874c96ad0552aa35d88bfc5f9"
Cache-Control: max-age=445643,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7747cf1bac86b4fd-OSL

eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=

104.88.9.101

200 OK

233 B

URL HTTP/1.1
eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
IP
104.88.9.101:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
233 B (233 bytes)
Hash
6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180

HTTP Headers

GET /usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Dec 2022 21:59:24 GMT
Connection: keep-alive
Vary: Accept-Encoding

ups.analytics.yahoo.com/ups/58534/occ

3.126.56.137

302 Found

0 B

URL HTTP/2
ups.analytics.yahoo.com/ups/58534/occ
IP
3.126.56.137:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ups/58534/occ HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Sun, 04 Dec 2022 21:59:24 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/58534/occ?verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBDwYjWMCEGn8oTY0xIqeNXdU0zOzYx0FEgEBAQFpjmOWYwAAAAAA_eMAAA&S=AQAAAqI2UIdUVqa4Yn7EH1hEJK4; Expires=Tue, 5 Dec 2023 03:59:24 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2

eus.rubiconproject.com/usync.js

104.88.9.101

200 OK

10 kB

URL HTTP/1.1
eus.rubiconproject.com/usync.js
IP
104.88.9.101:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (18728)
Size
10 kB (10067 bytes)
Hash
de8d25f887a0fa41f6f06f47032cf2ed
730223801e090e4746352343fa2faa352466a1fd
377cfef236901519d68cbcd502144605dfa7b21e62896ef35890a7524dffb64d

HTTP Headers

GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Sun, 04 Dec 2022 11:34:22 GMT
Content-Encoding: gzip
Content-Length: 10067
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=48842
Expires: Mon, 05 Dec 2022 11:33:26 GMT
Date: Sun, 04 Dec 2022 21:59:24 GMT
Connection: keep-alive
Vary: Accept-Encoding

x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola

3.123.160.250

200 OK

43 B

URL HTTP/2
x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
IP
3.123.160.250:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /sync?gdpr=1&us_privacy=1---&ssp=taboola HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:24 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2

ups.analytics.yahoo.com/ups/58534/occ?verify=true

3.126.56.137

204 No Content

0 B

URL HTTP/2
ups.analytics.yahoo.com/ups/58534/occ?verify=true
IP
3.126.56.137:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ups/58534/occ?verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Sun, 04 Dec 2022 21:59:24 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBDwYjWMCEJ1JzAq8H5x47MYDcbGaWCMFEgEBAQFpjmOWYwAAAAAA_eMAAA&S=AQAAAp4Gk3WidGuuAJuEi_k8fpw; Expires=Tue, 5 Dec 2023 03:59:24 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2

match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1

35.71.131.137

200 OK

70 B

URL HTTP/2
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP
35.71.131.137:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
70 B (70 bytes)
Hash
58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

HTTP Headers

GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:24 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2

am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&cmcv=&pix=31589837&cb=1670191161860&uv=3245&tms=1670191161860&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670191158198!ts:1670191161860&mntl=1

141.226.228.48

200 OK

0 B

URL HTTP/2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&cmcv=&pix=31589837&cb=1670191161860&uv=3245&tms=1670191161860&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670191158198!ts:1670191161860&mntl=1
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&cmcv=&pix=31589837&cb=1670191161860&uv=3245&tms=1670191161860&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670191158198!ts:1670191161860&mntl=1 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:24 GMT
content-length: 0
X-Firefox-Spdy: h2

185.94.180.125

302 Found

0 B

URL HTTP/1.1
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
185.94.180.125:0
ASN
#35220 SpotXchange, INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Dec 2022 21:59:25 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea844383-741e-11ed-9595-141922060506; expires=Sun, 01-Jan-2023 21:59:25 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea8443db-741e-11ed-9595-141922060506
X-fe: 64
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

185.94.180.125

204 No Content

0 B

URL HTTP/1.1
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea8443db-741e-11ed-9595-141922060506
IP
185.94.180.125:0
ASN
#35220 SpotXchange, INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea8443db-741e-11ed-9595-141922060506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:59:25 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea88c83b-741e-11ed-8bdd-1626150c0206; expires=Sun, 01-Jan-2023 21:59:25 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 137
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

ups.analytics.yahoo.com/ups/58534/occ

3.126.56.137

302 Found

0 B

URL HTTP/2
ups.analytics.yahoo.com/ups/58534/occ
IP
3.126.56.137:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ups/58534/occ HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
date: Sun, 04 Dec 2022 21:59:25 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/58534/occ?verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBD0YjWMCEHU8S2wMaR-6Licy-j7Gq-IFEgEBAQFpjmOWYwAAAAAA_eMAAA&S=AQAAAii02KGpYfI2OhXNIlmKdJ4; Expires=Tue, 5 Dec 2023 03:59:25 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2

match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1

35.71.131.137

200 OK

70 B

URL HTTP/2
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP
35.71.131.137:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
70 B (70 bytes)
Hash
58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

HTTP Headers

GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:25 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2

ups.analytics.yahoo.com/ups/58534/occ?verify=true

3.126.56.137

204 No Content

0 B

URL HTTP/2
ups.analytics.yahoo.com/ups/58534/occ?verify=true
IP
3.126.56.137:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ups/58534/occ?verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Sun, 04 Dec 2022 21:59:25 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBD0YjWMCECP7w8NDXUMeUQVuVoakiMUFEgEBAQFpjmOWYwAAAAAA_eMAAA&S=AQAAAmOlVwyIodzXrNCN79ClQhA; Expires=Tue, 5 Dec 2023 03:59:25 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2

stootsou.net/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
stootsou.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/
Content-Type: application/json
Origin: https://mahasinsaif.banouta.net
Content-Length: 756
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:25 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1537453c5313c81f739caa518ead86b5
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

cdn.taboola.com/scripts/cds-pips.js

151.101.129.44

200 OK

1.3 kB

URL HTTP/2
cdn.taboola.com/scripts/cds-pips.js
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (3545), with no line terminators
Size
1.3 kB (1340 bytes)
Hash
780c5c514014519ce276709f515905a0
04fe86d00b9c9077effe05171d066d243ecab221
015db06150b62ad2ad533883652174ebb6f07e24a7147fdac01a0ccd266e3f30

HTTP Headers

GET /scripts/cds-pips.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: 2KBeU0d7OyPXtZDYUoIqlTBmhGhsve90tjYoemCxISjKQrNgcxT28sPXVt5KfJt+6r7dFoJgA8g=
x-amz-request-id: NFWGDQGY1WQ95XHE
x-amz-replication-status: COMPLETED
last-modified: Wed, 12 Oct 2022 13:57:57 GMT
etag: "383fa66d2a0a09f4a6e64a9593ad43bb"
x-amz-version-id: z5FoayaLm_Bvew3pbkytkoHczFCvkPwT
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:25 GMT
via: 1.1 varnish
age: 3295
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 3594
x-timer: S1670191165.353607,VS0,VE0
vary: Accept-Encoding
abp: 15
cache-control: private, max-age=3600
content-length: 1340
X-Firefox-Spdy: h2

gum.criteo.com/syncframe?origin=rtus&topUrl=mahasinsaif.banouta.net

178.250.0.157

200 OK

5.1 kB

URL HTTP/2
gum.criteo.com/syncframe?origin=rtus&topUrl=mahasinsaif.banouta.net
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type
data
Size
5.1 kB (5090 bytes)
Hash
b39740609d14b3b54a5087554ba70b33
a176e33eb1d780ba6ad6d7ab13b4e23281d5ec10
9e692669b06c149708d673287fd1b8675b6a04e53ad6592d30880fba1a3de234

HTTP Headers

GET /syncframe?origin=rtus&topUrl=mahasinsaif.banouta.net HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:24 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=1b7639c8-dce6-45b9-af00-dc9da0313355; expires=Fri, 29 Dec 2023 21:59:25 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 813464
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

ag.gbc.criteo.com/newidsd

185.235.84.142

200 OK

356 B

URL HTTP/2
ag.gbc.criteo.com/newidsd
IP
185.235.84.142:0
ASN
#44788 Criteo SA

File type
JSON data\012- , ASCII text, with very long lines (411), with no line terminators
Size
356 B (356 bytes)
Hash
c5c53385885cbe5019bc9a0883ada37a
11571593695b3f0a2e025e178f410a6d9f5157ec
17e6f76a8b30aac49fbf6a105a73502a52d83c4243a21b51eca223a2a2b7c561

HTTP Headers

GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:25 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 98736
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

314 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
314 B (314 bytes)
Hash
9cfee58abf1ff4ea56cd0fe02a0eaa3b
bf412b651475a23a2539a80beb8fee45a139ffc3
3bc51e12ef2f154728ddcab5066477fb44ffb2837678942eac323b12fdce2651

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5293
Cache-Control: max-age=158012
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:25 GMT
Etag: "638cc9cc-13a"
Expires: Tue, 06 Dec 2022 17:52:57 GMT
Last-Modified: Sun, 04 Dec 2022 16:24:44 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 314

gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

178.250.0.157

200 OK

8.9 kB

URL HTTP/2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type
data
Size
8.9 kB (8859 bytes)
Hash
0fe09f642ee64f148ebf05c04b8b29b6
39364896c86f69561ae2e8d208073a37fa1871d0
3d446a64c19762e8d035891c1ec0aba3dff9acb9c7c92f5bf743cdbd85002b86

HTTP Headers

GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/
x-crto-bundle: Nkjkq19hWjQ3MFpRdmRwT2RFSVJob2FINUVLQXc3dlJPdnhCQ2phYTZ2ejBlTndmN0M0MGslMkIwelVzSDF3OWsyRWRoUWZhekxQOUUlMkI0U1JqYXZmbXhYME4lMkJIa0s0R01PdEh5cU1SJTJCbWdiMzNMRmM1UzV4MmRiaWdpSCUyRkM2eEt4eHkycmRXM1pOeFBuU0dORHJwcUxxaHU0NTNBJTNEJTNE
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:25 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://mahasinsaif.banouta.net
server-processing-duration-in-ticks: 2045853
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo

34.192.165.142

200 OK

82 B

URL HTTP/2
taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
IP
34.192.165.142:0
ASN
#14618 AMAZON-AES

File type
GIF image data, version 89a, 1 x 1\012- data
Size
82 B (82 bytes)
Hash
c12d660b239a82b0008377bc192e9849
613459bd63150ddc0abb8be40f65ce63e3283fd1
77c2013d08421893870ede37dd8a1c6230a8d83cf0484dc3e56356a2403e709d

HTTP Headers

GET /sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo HTTP/1.1
Host: taboola-supply-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:24 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=98df345cb5d1482d8c56c05b2acd3120&zoneId=2308013&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?pub=0&userId=98df345cb5d1482d8c56c05b2acd3120&zoneId=2308013&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
fa3609b46a8dc8b5ed7a2616cbcf7df2
e518cfe96f6c45f88d8f21a494fa763a98b7df52
0ede90cd67d27d84369db0d102d797a68f433e561388177b62e6ca2828d21389

HTTP Headers

GET /gid.js?pub=0&userId=98df345cb5d1482d8c56c05b2acd3120&zoneId=2308013&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Cookie: ID=97da9027b7b34218ac2d4a79db326995
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:29 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=97da9027b7b34218ac2d4a79db326995; expires=Mon, 04 Dec 2023 21:59:29 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

connect.topicit.net/scripts/connect.js

188.114.97.1

200 OK

0 B

URL HTTP/2
connect.topicit.net/scripts/connect.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /scripts/connect.js HTTP/1.1
Host: connect.topicit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5437
access-control-allow-origin: *
etag: W/"5d653880-153d"
last-modified: Tue, 27 Aug 2019 14:04:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=86400
cf-cache-status: HIT
age: 2811
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qdni6G%2BiJXzsDu5aRS7pl9Fm6X3J3Pwcegz1kpMwmQAabLLJOtuMohja2hVPc5RqZ1pKSmrR6FeqltxIGlF0QVW67BjjjnrOnAVNMQUUd6TDSuBkuZcNgEFDpwv8z7RyF559qVsH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0cadc0b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670191166646&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=1068572132&tz=0&viewable=true&ddast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm_vA&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1

151.101.129.44

200 OK

0 B

URL HTTP/2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670191166646&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=1068572132&tz=0&viewable=true&ddast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm_vA&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670191166646&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=1068572132&tz=0&viewable=true&ddast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm_vA&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1453
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:29 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191169.112087,VS0,VE42
vary: Accept-Encoding
X-Firefox-Spdy: h2

mahasinsaif.banouta.net/t3-topic

94.23.159.185

200 OK

0 B

URL HTTP/2
mahasinsaif.banouta.net/t3-topic
IP
94.23.159.185:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /t3-topic HTTP/1.1
Host: mahasinsaif.banouta.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: text/html; charset=windows-1256
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache
pragma: no-cache
expires: Sun, 04 Dec 2022 00:00:00 GMT
last-modified: Sun, 04 Dec 2022 21:59:21 GMT
vary: User-Agent
set-cookie: exadd=167020; expires=Mon, 05-Dec-2022 01:59:21 GMT; Max-Age=14400
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

gum.criteo.com/syncframe?origin=publishertag&topUrl=mahasinsaif.banouta.net

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/syncframe?origin=publishertag&topUrl=mahasinsaif.banouta.net
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /syncframe?origin=publishertag&topUrl=mahasinsaif.banouta.net HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=8ef61e43-aa82-47d6-a28d-81c9c1f86d7a; expires=Fri, 29 Dec 2023 21:59:22 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 534624
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

dnacdn.net/dna

178.250.0.157

200 OK

0 B

URL HTTP/2
dnacdn.net/dna
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=PG7pZl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPZ3RjZEJKVUZRVUdnNk9sUGpqTjclMkJ6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=CJt-m180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPajBwUndhdXhneWMyJTJCOWpucTZSdGpz; expires=Fri, 29 Dec 2023 21:59:22 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 290890
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

mahasinsaif.banouta.net/sw.js

94.23.159.185

200 OK

0 B

URL HTTP/2
mahasinsaif.banouta.net/sw.js
IP
94.23.159.185:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw.js HTTP/1.1
Host: mahasinsaif.banouta.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/t3-topic
Connection: keep-alive
Cookie: exadd=167020; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D; _ga=GA1.2.146191530.1670191160; _gid=GA1.2.197279554.1670191160; _gat_gtag_UA_144347007_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/javascript
last-modified: Tue, 27 Aug 2019 13:54:01 GMT
etag: W/"5d6535f9-1554"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2

vidstatb.taboola.com/vid/blackScreen5.mp4

151.101.129.44

206 Partial Content

0 B

URL HTTP/2
vidstatb.taboola.com/vid/blackScreen5.mp4
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /vid/blackScreen5.mp4 HTTP/1.1
Host: vidstatb.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 206 Partial Content
content-type: video/mp4
last-modified: Sun, 02 Jul 2017 20:40:57 GMT
etag: "b2b087fe4ae638c533731c347fcd4df8"
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1497790207
server: AmazonS3
via: 1.1 9803a30a87f1ec1047cb2b8ad5ecc43e.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: gopM2XYfUoVUFmJXQ0440-QEF6IoAyvdLK0EUOquu3M35zK6ZGLwLg==
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
age: 246141
x-served-by: cache-bma1658-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 84623
x-timer: S1670191165.675810,VS0,VE0
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-range: bytes 0-90783/90784
content-length: 90784
X-Firefox-Spdy: h2

imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&cmcv=&pix=undefined&cb=1670191161347&uv=3245&tms=1670191161347&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=46ecaaac-c879-42da-b5ae-c7ca423eab98&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1

151.101.129.44

200 OK

0 B

URL HTTP/2
imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&cmcv=&pix=undefined&cb=1670191161347&uv=3245&tms=1670191161347&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=46ecaaac-c879-42da-b5ae-c7ca423eab98&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&cmcv=&pix=undefined&cb=1670191161347&uv=3245&tms=1670191161347&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=46ecaaac-c879-42da-b5ae-c7ca423eab98&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1 HTTP/1.1
Host: imprammp.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191164.819417,VS0,VE24
vary: Accept-Encoding
X-Firefox-Spdy: h2

wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670191161364&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-112229282&tz=0&viewable=true&ddast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1

151.101.129.44

200 OK

0 B

URL HTTP/2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670191161364&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-112229282&tz=0&viewable=true&ddast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670191161364&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-112229282&tz=0&viewable=true&ddast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1478
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191164.871047,VS0,VE47
vary: Accept-Encoding
X-Firefox-Spdy: h2

stootsou.net/pfe/current/universal.min.js?v=3.1.409

139.45.197.250

200 OK

0 B

URL HTTP/2
stootsou.net/pfe/current/universal.min.js?v=3.1.409
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.409 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-18c6c"
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fmahasinsaif.banouta.net%2Ft3-topic&encoded=1&uid=e110427e-12ad-4f29-bd1e-387ed07ee36b-tucta869dba&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1670191160949&tagid=&cntry=NO&platform=1&sesid=34f3c392338ad351cd58a6afc95ac469&itemid=/t3-topic&viewid=1670191160411&geolat=&geoing=&deviceifa=&appid=&sd=v2_34f3c392338ad351cd58a6afc95ac469_e110427e-12ad-4f29-bd1e-387ed07ee36b-tucta869dba_1670191162_1670191162_CNawjgYQ3pxDGNu4mvnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=338152cbd1b0803fd908acae51e174ba&appname=&cdb=&gdprApplies=true&rid=&sii=-6005289198310562273&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=&region=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9059

151.101.129.44

200 OK

0 B

URL HTTP/2
15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fmahasinsaif.banouta.net%2Ft3-topic&encoded=1&uid=e110427e-12ad-4f29-bd1e-387ed07ee36b-tucta869dba&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1670191160949&tagid=&cntry=NO&platform=1&sesid=34f3c392338ad351cd58a6afc95ac469&itemid=/t3-topic&viewid=1670191160411&geolat=&geoing=&deviceifa=&appid=&sd=v2_34f3c392338ad351cd58a6afc95ac469_e110427e-12ad-4f29-bd1e-387ed07ee36b-tucta869dba_1670191162_1670191162_CNawjgYQ3pxDGNu4mvnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=338152cbd1b0803fd908acae51e174ba&appname=&cdb=&gdprApplies=true&rid=&sii=-6005289198310562273&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=&region=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9059
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fmahasinsaif.banouta.net%2Ft3-topic&encoded=1&uid=e110427e-12ad-4f29-bd1e-387ed07ee36b-tucta869dba&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1670191160949&tagid=&cntry=NO&platform=1&sesid=34f3c392338ad351cd58a6afc95ac469&itemid=/t3-topic&viewid=1670191160411&geolat=&geoing=&deviceifa=&appid=&sd=v2_34f3c392338ad351cd58a6afc95ac469_e110427e-12ad-4f29-bd1e-387ed07ee36b-tucta869dba_1670191162_1670191162_CNawjgYQ3pxDGNu4mvnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=338152cbd1b0803fd908acae51e174ba&appname=&cdb=&gdprApplies=true&rid=&sii=-6005289198310562273&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=&region=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9059 HTTP/1.1
Host: 15.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
machineid: 1414
link: <https://am-wf.taboola.com>; rel=preconnect
xvid-debug: mrmr - :
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191163.422860,VS0,VE31
vary: Accept-Encoding
X-Firefox-Spdy: h2

141.226.228.48

200 OK

0 B

URL HTTP/2
am-match.taboola.com/sync?dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&excid=22&docw=0&cijs=1&nlb=true
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sync?dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:25 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3402
X-Firefox-Spdy: h2

34.192.165.142

200 OK

0 B

URL HTTP/2
taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
IP
34.192.165.142:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo HTTP/1.1
Host: taboola-supply-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:25 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2

dnacdn.net/dna

178.250.0.157

200 OK

0 B

URL HTTP/2
dnacdn.net/dna
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=CJt-m180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPajBwUndhdXhneWMyJTJCOWpucTZSdGpz
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:25 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=0hpduF80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPZ0NtN3IyOXBpJTJGNFJiMlVBVFd6aVlC; expires=Fri, 29 Dec 2023 21:59:25 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 333894
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

static.criteo.net/js/ld/publishertag.js

178.250.0.130

200 OK

0 B

URL HTTP/2
static.criteo.net/js/ld/publishertag.js
IP
178.250.0.130:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/ld/publishertag.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-1e444"
expires: Mon, 05 Dec 2022 21:59:22 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

stootsou.net/pfe/current/tag.min.js?z=2308013

139.45.197.250

200 OK

0 B

URL HTTP/2
stootsou.net/pfe/current/tag.min.js?z=2308013
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pfe/current/tag.min.js?z=2308013 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=388&height=218&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1670191161867&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-112229282&tz=0&viewable=true&ddast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1

151.101.129.44

200 OK

0 B

URL HTTP/2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=388&height=218&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1670191161867&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-112229282&tz=0&viewable=true&ddast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /VideoBidRequestHandlerServlet?oid=15&width=388&height=218&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1670191161867&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-112229282&tz=0&viewable=true&ddast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1406
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191164.341139,VS0,VE42
vary: Accept-Encoding
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (49)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations